- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- forwarder Or universal forwarder
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
forwarder Or universal forwarder
I have a splunk 6.0.1 installed in my system.
Can i set my mechine as forwarder and receiver.
I need to read vales from DB and forward to same mechine.
Can anybody show tutorials to this.
Also it will be helpful if you can tell me how to set up universal forwarder.
Thanks
Jim John
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi jimjohn,
If you just want to query a DB and forward it to your local Splunk Server, then there is no need to install and setup an universal forwarder in this use case.
Follow the docs on how to Setup DB connect in your local Splunk Server UI and you can use the dbquery search command to get results from the DB directly into your local Splunk Server.
Usually an universal forwarder is installed on remote servers to get data into Splunk.
Hope this helps ...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
according to the docs DB connect should be setup on the search head (the web interface where you do the searches) http://docs.splunk.com/Documentation/DBX/latest/DeployDBX/Otherdeploymentconsiderations . nothing mentioned about setup on universal forwarder though......
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Last question .
I want to configure DB fetching operation in universal forwarder.
Is it possible? If so please have any tutorials or links
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sure you can do this, here is some intro about the universal forwarder http://docs.splunk.com/Documentation/Splunk/6.0.1/Forwarding/Introducingtheuniversalforwarder also read http://docs.splunk.com/Documentation/Splunk/6.0.1/Forwarding/Aboutforwardingandreceivingdata and last but not least don't forget to enable receiving on the indexer http://docs.splunk.com/Documentation/Splunk/6.0.1/Forwarding/Enableareceiver
hope this helps...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK,
I did DB connect in local.
Can you please provide tutorials for configuring universal forwarder.
For testing purpose is it possible to use splunk and universal forwarder in same machine.
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
