I am using the latest universal forwarder and I enabled SSL encryption. The collected logs stored are encrypted in the indexes path C:\Program Files\Splunk\var\lib\splunk\Index_Name\db , but need to encrypt traffic between the indexer and forwarder only and store log files as is in the indexer server (Clear text).
Is this possible ?
... View more
i am working on a Centralized Log Management project using the latest Splunk version on an indexer (installed on Windows server 2012) and forwarders installed on 2 Linux servers, 4 Windows 2012 servers, and 8 Windows PC's.
I installed the Splunk Enterprise Trial on the indexer for my pilot testing which has 500 MB daily indexing volume.
I need centralized full control on many forwarders from one indexer server, and I am facing below problems:
SPLUNKD service RAM utilization is very high on forwarder machines (around 60 MB and increasing constantly) and can't be controlled by changing any parameter in many parameters in the configuration files (inputs.conf, outputs.conf, limits.conf).
So, what are the parameters that control RAM utilization and where are they located on the forwarder PC (config file name and path).
Note that I configured inputs.conf using an app controlled by the indexer server.
I enabled SSL and the collected logs stored encrypted in indexes path, but i only want to encrypt traffic between the indexer and forwarder and store log files as is in the indexer server (Clear text).
I can only restart the forwarder service remotely using CLI, but I canNOT Manage forwarders remotely (Stop, Start, Uninstall) from indexer server.
Could you please provide your kind advice.
... View more