Splunk Enterprise

whether Splunk Light and Splunk universal forwarder cannot be installed in same machine?

Monica7
New Member

I have installed Splunk light in my local machine. I just want to get the logs from other remote machines.

I have read it like we can done it by Splunk Universal forwarder.i have tried to install splunk universal forwarder in the same machine. after that splunk light web portal stopped working.

if you want to get the logs from remote machine, do we need to install universal forwarder in the particular remote machine?

Kindly clarify on this

Tags (1)
0 Karma

gwiley_splunk
Splunk Employee
Splunk Employee

Hi,

The Universal Forwarder is installed on the remote machines where the logs are. You configure the Universal Forwarders to monitor the log files from which you want to collect events and then to send these events to your Splunk Light instance.

Check out the documentation on how to do this for Splunk Light.

ChrisG
Splunk Employee
Splunk Employee

The documentation he refers to is: Install and deploy a universal forwarder in the Splunk Light Installation Manual.

samj3341
New Member

I think you can install on the same machine.

0 Karma

gwiley_splunk
Splunk Employee
Splunk Employee

Hi,

Yes you can install the Universal Forwarder on the same machine as the Splunk Light instance though there wouldn't necessarily be any reason to do so since you can have the Splunk Light instance monitor local log files or receive syslog (or other network inputs) input directly. However, the OPs suggests that the log files are on remote machines so in this case you'd want the Universal Forwarder on those remote machines.

Cheers, Greg.

Monica7
New Member

Hi Greg,

Thanks for your answer. I have installed splunk light in one of the Linux server(which is accessible from local machine) and in my local machine also.

I am going to install universal forwarder in remote desktop server in windows. Whether I need to install forwarder in Linux box also(in remote desktop server). Or just installing and configuring in windows alone is enough for forwarding the logs to splunk light instance?

I am beginner in this splunk concept. so kindly clarify on this. thanks in advance

0 Karma

gwiley_splunk
Splunk Employee
Splunk Employee

Hi again,

I think you might benefit from reading through some of our documentation on forwarding data.

You should only have one instance of Splunk Light and then one or more Universal Forwarders running on one or more remote machines where the log files are to be monitored.

http://docs.splunk.com/Documentation/Forwarder/latest/Forwarder/Forwarderdeploymenttopologies

In the diagram in the link above your Splunk Light instance is labelled the Indexer.

You should also read this section of our documentation:

http://docs.splunk.com/Documentation/Forwarder/latest/Forwarder/HowtoforwarddatatoSplunkLight

You can forward log data from Windows or Linux systems using the Universal Forwarder and your Splunk Light instance can run on either Linux or Windows.

I hope this helps.

Cheers, Greg.

0 Karma

gwiley_splunk
Splunk Employee
Splunk Employee

Thanks for picking this up Chris; I'd added the link in the editor and it previewed just fine; don't know why it didn't show up in the final submission:( Lesson learned today - always check the final submission!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...