Solved: What is the relationship between Splunk Enterprise...

kataoka · ‎06-13-2016

I want to know the two relations between the universal forwarder and Splunk Enterprise.

richgalloway · ‎06-13-2016

Splunk Enterprise is data store for server logs and other machine data. It receives data from various sources, indexes it, stores it, and provides a UI that allows users to search that data and produce reports.

The Universal Forwarder is essentially a Splunk "agent". It resides on monitored servers where it collects data and passes it on (forwards it) to Splunk Enterprise for storage.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

ddrillic · ‎06-14-2016

Similar question at What is the difference between Splunk Enterprise and Universal Forwarder?

richgalloway · ‎06-13-2016

Splunk Enterprise is data store for server logs and other machine data. It receives data from various sources, indexes it, stores it, and provides a UI that allows users to search that data and produce reports.

The Universal Forwarder is essentially a Splunk "agent". It resides on monitored servers where it collects data and passes it on (forwards it) to Splunk Enterprise for storage.

---
If this reply helps you, Karma would be appreciated.

What is the relationship between Splunk Enterprise and the Universal Forwarder?

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!