I have installed Splunk light in my local machine. I just want to get the logs from other remote machines.
I have read it like we can done it by Splunk Universal forwarder.i have tried to install splunk universal forwarder in the same machine. after that splunk light web portal stopped working.
if you want to get the logs from remote machine, do we need to install universal forwarder in the particular remote machine?
Kindly clarify on this
Hi,
The Universal Forwarder is installed on the remote machines where the logs are. You configure the Universal Forwarders to monitor the log files from which you want to collect events and then to send these events to your Splunk Light instance.
Check out the documentation on how to do this for Splunk Light.
The documentation he refers to is: Install and deploy a universal forwarder in the Splunk Light Installation Manual.
I think you can install on the same machine.
Hi,
Yes you can install the Universal Forwarder on the same machine as the Splunk Light instance though there wouldn't necessarily be any reason to do so since you can have the Splunk Light instance monitor local log files or receive syslog (or other network inputs) input directly. However, the OPs suggests that the log files are on remote machines so in this case you'd want the Universal Forwarder on those remote machines.
Cheers, Greg.
Hi Greg,
Thanks for your answer. I have installed splunk light in one of the Linux server(which is accessible from local machine) and in my local machine also.
I am going to install universal forwarder in remote desktop server in windows. Whether I need to install forwarder in Linux box also(in remote desktop server). Or just installing and configuring in windows alone is enough for forwarding the logs to splunk light instance?
I am beginner in this splunk concept. so kindly clarify on this. thanks in advance
Hi again,
I think you might benefit from reading through some of our documentation on forwarding data.
You should only have one instance of Splunk Light and then one or more Universal Forwarders running on one or more remote machines where the log files are to be monitored.
http://docs.splunk.com/Documentation/Forwarder/latest/Forwarder/Forwarderdeploymenttopologies
In the diagram in the link above your Splunk Light instance is labelled the Indexer.
You should also read this section of our documentation:
http://docs.splunk.com/Documentation/Forwarder/latest/Forwarder/HowtoforwarddatatoSplunkLight
You can forward log data from Windows or Linux systems using the Universal Forwarder and your Splunk Light instance can run on either Linux or Windows.
I hope this helps.
Cheers, Greg.
Thanks for picking this up Chris; I'd added the link in the editor and it previewed just fine; don't know why it didn't show up in the final submission:( Lesson learned today - always check the final submission!