Getting Data In

Should we run Splunk Enterprise forwarders on Windows or Linux in our distributed search environment?

brent_weaver
Builder

We are rebuilding our distributed search Splunk environment:

1 Deployment Server
1 Dedicated Search Head
1 License Server
4 Indexer Servers
Client Fwd servers will be running Linux or Windows

We would like to run the entire environment on Linux but am concerned that some of the console apps will not work (i.e. MSSQL apps). For example we are running it on Windows now and we tried to install the Splunk App for *nix and it would not us use it. The save button was greyed out and it told us that we need to run it on Linux. Is this in our head? Do we need to have it running on Linux to monitor linux, and the same for Windows?

Any insight is MUCH appreciated!

0 Karma

aholzel
Communicator

I would run everything on linux that will give you a beter performance you can run all apps on both Windows and Linux, you just can't use all the TA's on both. This is correct and makes sense when you think about it, because on Windows there is no /var/log/ directory to monitor... The problem you were having with the *nix app was that it was the config of the TA you were trying to save, you can safely ignore that and remove the visibility of that part, in the manage app menu of Splunk.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...