

SETTING UP SPLUNK FORWARDER INSTALL

Suggested app: Forwarder install
This is the first app you install on your universal forwarders, because it points them at the deployment server, which they routinely phone home to so that all of their configuration can be managed centrally. All forwarders get this app. If you have a very large environment, you might have multiple deployment servers, sometimes separated to service groups of forwarders.

Suggested app: Forwarder outputs
This app configures where your forwarders send data, together with any TLS encryption settings and the certificates that go with them. The destination may be Splunk Enterprise indexers, Splunk Cloud Platform indexers, or intermediate forwarders that forward on to the indexers. Might include outputs.conf, TLS certificates, and the related SSL settings. If outputs.conf changes, for example because new indexers are added to a cluster, you edit a single line in this one global deployment app rather than touching every forwarder.

Suggested app: Base inputs
Whether a host is running a web server, a custom app, or something else that will be monitored, you probably have one or more sets of base inputs that run on large groups of hosts. For example, multiple organizations might run many Windows servers with numerous services or applications that need to be monitored, but what all of them have in common is the requirement to gather a common set of Windows event logs. There should be an app that is distributed to all such hosts to meet this compliance requirement. To avoid gargantuan allow lists, use the machine types filter to target the app at hosts by operating system rather than listing them by name.

For more information on the configuration files named above, see List of configuration files in the Splunk Admin Manual.
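The following is an added example, not configuration from the original page or from Splunk's own documentation, showing how the three apps above fit together: a serverclass.conf on the deployment server that sends the install and outputs apps to every forwarder and the Windows base-inputs app only to hosts matching a machine type filter, plus the deploymentclient.conf, outputs.conf (with TLS) and inputs.conf that live inside those apps. The app names (fwd_install, fwd_outputs, win_base_inputs), host names, index name and certificate paths are assumptions chosen for the example.

```ini
# --- Deployment server: $SPLUNK_HOME/etc/system/local/serverclass.conf ---
# Two global apps go to every forwarder. The base-inputs app is targeted by
# operating system with machineTypesFilter instead of a long host allow list.
[global]
restartSplunkd = true

[serverClass:all_forwarders]
whitelist.0 = *

[serverClass:all_forwarders:app:fwd_install]
[serverClass:all_forwarders:app:fwd_outputs]

[serverClass:windows_base_inputs]
# whitelist still has to match; the machine type filter is applied on top of it.
whitelist.0 = *
machineTypesFilter = windows-x64

[serverClass:windows_base_inputs:app:win_base_inputs]

# --- Forwarder install app: deployment-apps/fwd_install/local/deploymentclient.conf ---
# Points the forwarder at the deployment server's management port (assumed host name).
[deployment-client]
phoneHomeIntervalInSecs = 60

[target-broker:deploymentServer]
targetUri = ds.example.internal:8089

# --- Forwarder outputs app: deployment-apps/fwd_outputs/local/outputs.conf ---
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# Adding an indexer to the cluster is a one-line change on this server= line.
server = idx1.example.internal:9997, idx2.example.internal:9997
useACK = true
# TLS: verify the indexer certificate against our CA and present a client certificate.
# Certificates ship inside the app, so the paths are under etc/apps/<app>/ on the forwarder.
sslRootCAPath = $SPLUNK_HOME/etc/apps/fwd_outputs/auth/ca.pem
clientCert = $SPLUNK_HOME/etc/apps/fwd_outputs/auth/forwarder.pem
sslPassword = change-me-on-first-start
sslVerifyServerCert = true
sslCommonNameToCheck = idx.example.internal

# --- Base inputs app: deployment-apps/win_base_inputs/local/inputs.conf ---
# Common Windows event logs every Windows host must collect (index name assumed).
[WinEventLog://Security]
disabled = 0
index = wineventlog
renderXml = true

[WinEventLog://System]
disabled = 0
index = wineventlog
renderXml = true
```

Two things to check before pushing this out. First, the sslPassword in outputs.conf must be distributed in cleartext: splunkd encrypts it with the local splunk.secret on first restart, so a value already encrypted on the deployment server cannot be decrypted by forwarders that have a different splunk.secret. Second, sslVerifyServerCert = true is what actually stops a forwarder from sending data to a host that merely answers on 9997; confirm that every indexer certificate carries the name given in sslCommonNameToCheck (or use subject alternative names) before enabling it, otherwise the global outputs change will silently stop all forwarding.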
