Hi
Could you please give me clarification on the point below?
I have gone through the Splunk videos and understand the Splunk components. As per my understanding:
Forwarder: Which is installed on the application server (from which we get data for analysis)
Search Head: Splunk Enterprise, which we use to search for the data, create dashboards, reports, alerts and any administration task.
Splunk Enterprise is installed on an individual server (Splunk server)
Indexer: I am confused about indexer.
I understood the concept that data from the application server is forwarded to the indexer by the forwarder.
The indexer indexes the incoming data and stores it as events (in the form of a table (rows and columns))
The data from the indexer is then forwarded to the Search Head (Splunk Enterprise) for analysis.
My confusion is how do we install the indexer? Do we need to install the indexer like the forwarder/Splunk Enterprise?
I always heard from colleagues that we need to select the indexer to which data is to be forwarded.
Please help me with clarification. Also, correct me if my understanding is wrong.
Sorry, it may be a very basic question. But I am very new and have to handle my next project on Splunk. I want to gain strong basic knowledge.
Thanks & Regards
Srinivas