Installing the forwarder itself is easy: you can download the Universal Forwarder from the Splunk web site. A URL which you actually use to hit your search head and do searches.An SSL password, used to decrypt your SSL cert.A splunk client certificate, used to authenticate your client against the indexer.An SSL CA certificate, used by your client to verify connections to the Splunk indexer.It is possible to have multiple indexes for your instance, but initially you'll start with a single index (if you need more later on, you should submit a ticket and request them) an " index" to use, which usually corresponds to your department's name.the splunk indexer server:port combination this is what the forwarder will connect to.When you have your departmental instance created, you will be provided with the following information, which you must use to configure your forwarders: If you have your own group which you will use to control access, refer to that group in your ticket. Access to your Splunk instance is governed by grouper groups (or, I guess, group manager groups?). If you don't have one yet, submit a ticket to the OIT help desk asking for a departmental Splunk instance. In the simplest case, this is probably the search app, which is all this document discusses.īefore you can use Splunk, you need to have that departmental instance. Apps: "bundles" of Splunk configuration.Departmental Splunk instance: this isn't a Splunk term per se, but it's how I refer to the bundle of things that make up the Splunk environment that OIT "gives" my department.Search head: I think of this as the "front end" Splunk server, which is in charge of actually running your queries.Indexer: I think of this as a Splunk "server" - it ingests the data you send and "indexes" it.It can run directly on most general purpose OSes, and it is responsible for gathering data and sending it on to the indexer Universal Forwarder: I think of this as the "Splunk client".Splunk has its own set of terminology here are some useful things to know about:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |