See Configure forwarders with nf for more information. In addition, if you enable and configure a number of forwarders, you can easily accomplish this by editing a single nf file and making a copy for each forwarder. Most advanced configuration options are available only through nf. Although setting up forwarders with nf requires more initial knowledge, there are advantages to performing all forwarder configurations in a single location. You can also enable, as well as configure, forwarding by creating an nf file on the Splunk instance. You can use Splunk Web or the Splunk CLI to enable forwarding for a Splunk Enterprise instance. There isn't an option to install a heavy forwarder. Install a full Splunk Enterprise instance.Setting up a heavy forwarder is a two step process: You can then set up forwarders to send data to that receiver. The receiver must be another Splunk Enterprise instance, you can't forward data to the same machine unless that machine has another Splunk Enterprise instance running on it.Ī Splunk best practice is to set up the receiver first, as described in Enable a receiver. The receiver is the Splunk instance that receives the data the forwarder sends data to the receiver. To enable forwarding and receiving, you must configure both a receiver and a forwarder. This is unlike a universal forwarder, which can't index data at all and has limited data manipulation capability as a result of its reduced footprint. Enabling a heavy forwarder lets you perform all of the other tasks that the indexer is capable of, such as indexing, data routing, and transformation. You can enable a heavy forwarder on a full Splunk Enterprise instance.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |