#Random
This is a place to discuss all things outside of Splunk, its products, and its use cases.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

easy home lab directions

cjsweeney1
Explorer
‎08-12-2019 02:16 PM

Hi looking to renew my power user cert from 6.x to 7.3.1 and looks like the course wants an installation of Splunk which i've loaded.... my question is can the forwarder be on the same PC and the enterprise server? Not how you'll see it in the real world but looking to keep this simple to knock out and i'll spin up some VM's when i get to the admin level courses...

Tags (1)
0 Karma
Reply

marycordova
SplunkTrust
SplunkTrust
‎08-12-2019 03:08 PM

This is what I would do:

  1. Host OS Windows with Splunk Enterprise installed and local Windows event logs collected (can configure easy from the UI)
  2. Guest OS *nix with Universal Forwarder installed and *nix TA setup to collect local logs and forward them to the enterprise install on the host

You can vary this if you prefer a Host on Mac or *nix you can put Windows on the VM. Here is a link to create free Windows 10 installations: https://www.microsoft.com/en-us/software-download/windows10

This setup also supports playing around with Deployment Server since you have a forwarder you can manage "remotely".

@marycordova
0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...