I've been asked to write a document about the process of SplunkForwarder connecting with a deployer or indexer and forwarding data.
I've been browsing Splunk docs for an hour or two and all I see is configuration / troubleshooting tutorials.
What is the identification process step by step?
I'm guessing it's something like: heartbeat > enlistment > application push > data push, but I'm not sure myself and I hope you guys have a better, more detailed explanation for me.
The forwarder communicates with a few Splunk processes, not necessarily in this order.
As for the protocol between the forwarder and the other processes, well, it's proprietary so you're not likely to find documentation on it. Wireshark may be your best friend for help with that.
Thanks for the thorough explanation.