Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to view Splunk Enterprise Data on itself?

skrampachspl
Loves-to-Learn Lots
‎08-30-2022 06:01 AM

I hate to have a newbie question here but, I am deploying a Linux Splunk server with several windows workstations. The workstations show up in the forwarders area however, I cannot find the hostname of the Linux server I am on. Do I need to include a forwarder on the splunk server? I have never worked at the application level with splunk before so I apologize if this is a silly question.

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-30-2022 06:09 AM

If you have a single splunk server (SH + IDX on same node), then the easiest way is just install those apps directly into that node (don't use DS for that!!) to collect needed logs/events. If you have indexer cluster then use it to deliver apps to individual search peers.

Another way is use a UF on that/those nodes and install apps with it, but usually it's better to install those into splunk server(s).

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...