Hello
I am new to Splunk and have a couple of demo versions set up for testing. We want to use Splunk primarily to log for troubleshooting purposes in our VMware vSphere infrastructure environment.
Today we log our ESXi and Nix infrastructure machines --> to a syslog collector UDP 514. This syslog collector sits behind a Netscaler which provides fail-over capability between one or the other if one is down for whatever reason.
As I understand it, if we install the universal agent on machines that we can, the universal forwarder can handle the "heartbeating" and fail over to one Splunk receiver or the other. If this is accurate, what do we do for machines where we cannot, or where it is not logical to, install the Splunk Universal Forwarder? We tend to not want to switch to syslog-ng TCP because of network concerns.
We are trying to get rid of the Netscaler in our equation. But as I understand it, Splunk does not recommend putting Splunk receivers behind load balancers. Also, I think I am correct that in the Splunk world HA is more focused on High Availability of the data that has already been received/collected.
Do you have any recommendations in our scenario?
Thanks,
-Christian
Navisite, Inc.
A Time Warner Company