When you install Splunk Stream on a single Splunk Enterprise instance, that instance serves as both search head and indexer and provides both search and storage capability. A single instance deployment can support one or two users running concurrent searches, which is ideal for a small test environment. For single instance installation instructions, see Install Splunk Stream on a single instance in this manual.

A Splunk Stream distributed deployment can capture network event data from multiple network devices, including NICs, switches, and routers. A distributed deployment can be used in medium and large enterprise network infrastructures. For distributed installation instructions, see Install Splunk Stream in a distributed environment in this manual.

A distributed deployment for Splunk Stream includes the following deployment locations and Splunk Stream components:

The Splunk App for Stream (splunk_app_stream) and Splunk Add-on for Stream Wire Data (Splunk_TA_stream_wire_data) must be installed on search heads. You can optionally install Splunk Add-on for Stream Forwarders (Splunk_TA_stream) if you want to collect data from the search head or want to use the PCAP upload.

Splunk Add-on for Stream Wire Data (Splunk_TA_stream_wire_data) must be installed on all indexers for searching and parsing. Splunk Add-on for Stream Wire Data contains both search and index time knowledge objects.

The Splunk Add-on for Stream Forwarders (Splunk_TA_stream) must be installed on universal forwarders where you want to capture network data. For dedicated wire capture in Linux environments without a universal forwarder, use the Independent Stream Forwarder (ISF). For more information, see Network collection architectures in this manual.

If you use a heavy forwarder in your Splunk Stream configuration, the Splunk Add-on for Stream Forwarders (Splunk_TA_stream) must be installed on universal or heavy forwarders where you want to capture network data. You must also install the Add-on for Stream Wire Data (Splunk_TA_stream_wire_data) on your heavy forwarder wherever that index performs pipeline processing.

Use the Splunk deployment server to distribute The Splunk Add-on for Stream Forwarders package (Splunk_TA_stream) to universal forwarders across a distributed deployment. When you upgrade to a new version of Splunk Stream, the deployment server detects whether a new version of The Splunk Add-on for Stream Forwarders exists. If a new version is found, all universal forwarders subscribed as deployment clients pull and install the new version of the add-on. See also Deployment server provisioning in Upgrading Splunk Enterprise Instances and Components of a Splunk Enterprise deployment in the Splunk Enterprise Capacity Planning Manual.

The ISF is a standalone Stream forwarder. The ISF sends captured network data to Splunk using the HTTP event collector, and does not require a Splunk universal forwarder to collect wire data. It is helpful in networks and deployments where a universal forwarder cannot be installed.