What is the relationship between FWs reported by S...

SamHTexas · ‎09-09-2021

Are the forwarders in Splunk Ent. the same in ES? I ask because I get " missing FWs by MC in both & the numbers are not the same! Please shed some light on this. My understanding is that the FWs working with Splunk Ent. are the same working for the ES? Thank u for your help in advance.

richgalloway · ‎09-09-2021

Assuming Splunk Enterprise and ES are using the same set of indexers (the likely case) then, yes, they are using the same set of forwarders.

You should have only one MC, however. Put the MC on your License Manager or other management instance. That MC will be your one source of truth. The "Monitoring Console" on ES is not the True MC and so should be ignored.

Understand that ES is just an app (albeit a complex one) that runs on top of Splunk Enterprise. ES is not a separate environment that is managed separately. Manage the Splunk environment as a whole, with ES as a part of that whole.

Have you taken the Splunk Admin classes?

---
If this reply helps you, Karma would be appreciated.

SamHTexas · ‎09-13-2021

Thank u again. Yes sir I have taken many Splunk Admin classes. I found the ones on Splunk.com kind of dry. So I have taken many many classes on Pluralsight , Udemy with many good instructors such as Adam Frisbee & Chris Visaya (my favorite. Most classes had labs.+ Splunk Conf seminars. Gov place I work at is very very large & We are growing as fast as we can. I appreciate all the coaching & help I receive from you sir.

What is the relationship between FWs reported by Splunk Ent. in MC & the ones in ES reported by it's MC?

using Splunk Enterprise

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials