Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Has Anyone put a Forwarder on a Tablet?

skoelpin
SplunkTrust
SplunkTrust
‎08-10-2016 12:27 PM

Has anyone captured Windows Event Logs from tablets and forwarded it to their indexer?

We're currently trying to solve an issue where the tablet HDD is 500MB and the tablet may lose network connectivity for 12 hours before it's able to get back on the network. This means that the data will be stored locally on the tablet but unable to forward to the indexer.. There's a possibility that the log data will roll before it's able to get network connectivity again which means the data will never make it to the indexer.

I know that the UF can queue up to 500kb, but we expect that more than 500kb of data will be collected when there's no network connection. So my question, has anyone had a similar situation like this? How did you solve it?

We're debating setting up a storage hub to act as a buffer between the tablet and the indexer but this isn't ideal..

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎08-10-2016 02:46 PM

First, you can increase the size of the UF queues. Second, have you considered using Splunk Mint? It is designed for mobile apps...

http://www.splunk.com/en_us/products/splunk-mint.html

View solution in original post

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎08-10-2016 02:46 PM

First, you can increase the size of the UF queues. Second, have you considered using Splunk Mint? It is designed for mobile apps...

http://www.splunk.com/en_us/products/splunk-mint.html

Reply
Solved! Jump to solution

skoelpin
SplunkTrust
SplunkTrust
‎08-10-2016 03:39 PM

That was my first thought, but if I doubled the size of the queue then I'd most likely consume more than twice the amount of memory right? Slowing the tablets down is not an option unfortunately

I was thinking about suggesting they create a hub and send the data via bluetooth from the tablets to the hub when network connectivity drops and this hub be hardwired into a network drop for a persistent internet connection. What's your thoughts on this?

I did overlook Splunk Mint, thanks for the suggestion!!!

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...