Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can i use Splunk enterprises as uinversal forwarder?

ahmemohs03
Explorer
‎07-20-2018 08:38 AM

Can i use Splunk enterprises as uinversal forwarder? if yes please send me documentation

Thanks.

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎07-20-2018 02:23 PM

You can, but you should not. See here:

https://www.splunk.com/blog/2016/12/12/universal-or-heavy-that-is-the-question.html

0 Karma
Reply

PowerPacked
Builder
‎07-20-2018 10:40 AM

Hi @ahmemohs03

Yes, you can use full enterprise version of splunk as a universal forwarder,

This makes you to have the Splunk UI enabled as well on the forwarder,

Please go through these docs.
https://docs.splunk.com/Documentation/Forwarder/7.1.2/Forwarder/Abouttheuniversalforwarder

Thanks

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 10:46 AM

Thanks for the reply.

I had Linux A(Splunk enterprises) Linux B(UF)

Linux B logs need to be forwarder to Linux A (weburl..were splunk enterprises installed http:hostname:8000)

Do i need to installed full enterprise version of splunk as a universal forwarder on Linux B?

0 Karma
Reply

pradeepkumarg
Influencer
‎07-20-2018 10:49 AM

No, you just need a universal forwarder on Linux B

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 10:54 AM

Thanks,

Linux A (splunk enterprises) Linux B(UF) already there.

but Linux A (splunk enterprises) as index server..weburl not comingup after UF installation.

i see ERROR TcpOutputProc - LightWeightForwarder/UniversalForwarder not configured. Please configure outputs.conf in splunkd.logs of index server.

0 Karma
Reply

PowerPacked
Builder
‎07-20-2018 11:28 AM

as mentioned in this other splunk answer, which was asked by you
https://answers.splunk.com/answers/672909/splunk-weburl-not-coming-up-after-configuring-univ.html#an...

Try to enable ssl communication between forwarder and indexer.

You can go through these docs to enable ssl communication between forwarder and indexer.
http://docs.splunk.com/Documentation/Splunk/7.1.2/Security/ConfigureSplunkforwardingtousesignedcerti...
https://answers.splunk.com/answers/397/how-to-configure-ssl-for-forwarding-and-receiving-data.html

Thanks

0 Karma
Reply

ahmemohs03
Explorer
‎07-20-2018 01:29 PM

Thanks you, will try.

0 Karma
Reply

pradeepkumarg
Influencer
‎07-20-2018 10:39 AM

Yes, Splunk enterprise can work as a forwarder except that it becomes a heavy forwarder instead of universal forwarder.

http://docs.splunk.com/Documentation/Splunk/7.1.2/Forwarding/Typesofforwarders

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...