Reputation: 4511
Splunk enterprise Vs Universal forwarder
I am very new to splunk. I have installed the enterprise app on an EC2 instance.
I have many queries:
- What is the difference between splunk enterprise and universal forwarder?
- Difference between its capabilities?
- What use case they support?
Upvotes: 0
Views: 1795
Answers (2)
Reputation: 96
Splunk has several components such as Search heads, Universal forwarder, Heavy forwarder and indexer.
Universal forwarder ultimately collect the logs from app and forwards to either Heavy forwarder to indexer or directly forward data indexers.
Upvotes: 0
Reputation: 171
Splunk's components include the Indexer, Search Head, and Universal Forwarder. In a small deployment it's common to install the Indexer and Search Head on one Splunk server, and this is the default install package you downloaded as "Splunk Enterprise".
The Universal Forwarder is the data collection agent. It collects data and "forwards" it to the Splunk server.
If you are running the Splunk server on the same system you want to collect data from, you don't have to use the Universal Forwarder, you can configure the server to collect data.
You can find a good getting started guide here: http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial
Upvotes: 1
Related Questions
- Why should I use Amazon Kinesis and not SNS-SQS?
- Kinesis vs SQS, which is the best for this particular case?
- Pulumi EKS cluster: @pulumi/eks vs. @pulumi/aws
- Splunk: indexes and metrics
- Will AWS S3 event forwarding to SQS will end up being a different message than S3 to SNS to SQS?
- Amazon SES vs Node Mailer
- Splunk vs ELK - Manage Production logs
- Advantages to using Splunk Universal Forwarders or Splunk REST API?
- Amazon sqs vs custom implementation
- Why create splunk dashboards vs views?