All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

JMX add-on installation on which splunk components?

tweaktubbie
Communicator
‎03-30-2016 07:35 AM

"In a distributed deployment, install the Splunk Add-on for Java Management Extensions to your search heads, indexers, and heavy forwarders.

This add-on does not support universal forwarders because the add-on requires Python.

Note: You cannot use a deployment server to deploy the configured add-on to forwarders because the add-on uses modular inputs to collect data remotely. Using a deployment server to deploy configured add-ons to multiple forwarders results in duplicate data collection" (LINK)

Wondering why I'd need to put it on the indexers? Or even on the search heads, assuming I configure the app from the HF webconsole. And make own alerts or views, not some included in an app or add-on?

Reply

rpille_splunk
Splunk Employee
Splunk Employee
‎03-30-2016 05:33 PM

Hi tweaktubbie,

You do not need to install the JMX add-on to indexers if you do not want to, as long as you are using a Heavy Forwarder to do the data collection. However, it will not do any harm to have it there.

You DO need to install the JMX add-on to your search heads to take advantage of all the search time knowledge, such as CIM mapping.

I'll correct the docs to clarify that installing on indexers is not strictly necessary. Thanks!

0 Karma
Reply

sandeepduppalli
Explorer
‎07-05-2020 09:00 PM

We have a Tomcat running and to collect JMX logs is it mandatory to have Heavy forwarder installed.?I know we cannot install JMX add-on for UF. Is there any alternative method other than having HF installed.?and catalina,localhost,and manager logs can be collected through UF right.?correct me if I am wrong

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...