Solved: Re: Difference between splunk app and splunk add-o...

gsrikanth87 · ‎01-08-2015

As per my understanding we install Splunk app on serverside, Splunk universal forwarder is client-side, then what is a Splunk add-on?

kml_uvce · ‎01-08-2015

yes , if your definition of client and server side like this
client side is your source of data/system
serverside is your indexer

View solution in original post

kml_uvce · ‎01-08-2015

yes , if your definition of client and server side like this
client side is your source of data/system
serverside is your indexer

gsrikanth87 · ‎01-08-2015

oh, Thank you. Do we have any video link for splunk configuration for unix/linux servers monitoring?

kml_uvce · ‎01-08-2015

universal forwarder : it is used to send data from source to indexer
Splunk app: you need to install in indexer or search head and shows you report, visualization
splunk addon:you need to install splunk add-on in forwarder and addon extract the data from source (example run scripts in unix addon) v and send to indexer via forwarder

gsrikanth87 · ‎01-08-2015

Thank you.. But I want to understand that where we install splunk app and splunk fowarder?

splunk app - server side
splunk universal forwarder- client side with addon

Is this correct?

Difference between Splunk app and splunk add-on and universal forwarder?

add-on

app

universal forwarder

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases