I have installed Splunk UF to each and every node and Splunk to a single node. Do I need to install Splunk enterprise to all the nodes/host having same port number?
If No, then is there any doc which will give a quick demo ??
Many Thanks
Hi pratibha,
What do you mean by node in this case.? If you have a single-instance setup in that case,you need to install Splunk universal forwarder on host from which data has to be monitored and Splunk Enterprise on your splunk server.
You can refer docs below:
http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchTutorial/InstallSplunk
http://docs.splunk.com/Documentation/Forwarder/7.0.2/Forwarder/Configuretheuniversalforwarder
Hope this helps!!!
Hi pratibha,
What do you mean by node in this case.? If you have a single-instance setup in that case,you need to install Splunk universal forwarder on host from which data has to be monitored and Splunk Enterprise on your splunk server.
You can refer docs below:
http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchTutorial/InstallSplunk
http://docs.splunk.com/Documentation/Forwarder/7.0.2/Forwarder/Configuretheuniversalforwarder
Hope this helps!!!
Thanks Deepshri for answering this but I am too confused with the following:
Do I monitor the logs of various host IDs with a splunk enterprise installed only on one of the host id and splunk UF on all of them?
Yes , and you need to add the path in inputs.conf on forwarder to monitor the logs you need to index in splunk.
Also you need to enable outputs.conf on forwarder and enable receiving on indexer.
You also need to create index in indexes.conf on splunk instance.
Refer the link:
http://docs.splunk.com/Documentation/Splunk/7.0.2/Data/Getstartedwithgettingdatain
Let me know if this helps!!
This is helpful.
Many thanks Deepashri 🙂