×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
SplunkStudent2
Engager
Member since: ‎03-28-2025
‎03-29-2025
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎03-28-2025
Activity Feed
Topics I've Started
View All

Re: TA deployment question

by in Getting Data In
‎03-28-2025 07:17 PM
‎03-28-2025 07:17 PM
True, in this case it's universal forwarders sending the logs, that we don't manage, which is the only reason why they suggested deploying a TA at the indexer level.  They might want the custom sourcetype changed to a standardized one. Hmm also thank you, since I haven't seen anything for the splunk admin course to suggest it goes through that level and either does the udemy course.  I might retake the udemy course as a refresher then schedule the splunkcloud course since there's been talk of us migrating to it so the splunkcloud course would be more practical. thanks ... View more

TA deployment question

by in Getting Data In
‎03-28-2025 01:21 PM
‎03-28-2025 01:21 PM
I'm looking for training that would cover at when deploying a TA if it would have to go to the indexer level rather than the HF or the search head.  I know the HF usually gets the "Add-on" version of a TA just ran across certain circumstance recently where I was told I'd have to deploy a TA to the indexer level. I know there's the Splunk Certified Admin training on Udemy.  There's also the Splunk Enterprise Certified Admin training directly from Splunk.  Would either of those or something else cover what I'm looking for.   thanks     ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-29-2025 03:54 AM
Karma given to
View All