Splunk Tutorial 09 : How to set up a Heavy Forwarder

In my previous blog post, Splunk Tutorial 07: Different type of forwarders in Splunk, I mentioned that there are three types of forwarder in Splunk. Today I am going to demonstrate how to set up a heavy forwarder.

Basically, a heavy forwarder is simply a full instance of Splunk Enterprise with a Splunk Forwarder license.

Therefore, the following is my computer setup:

Splunk Forwarder Virtual Machine

The browser on the left is connected to the Splunk Enterprise on my physical laptop, while the virtual machine in the bottom right corner is where I have just set up a full Splunk Enterprise. I have also already set up a receiver on my physical computer, in my previous blog when setting up the Splunk Universal Forwarder.

 

Just for your information:

| Computer | Host Name |
| --- | --- |
| Physical Computer | ACapturerLaptop |
| Virtual Machine | HeavyForwarder |

 

 

The following are the steps to set up the Splunk Heavy Forwarder.

 

The heavy forwarder has now been set up completely.

 

To test the setup, let's follow the instructions from “Splunk Tutorial 05: How to upload data into Splunk” to add some data to the Splunk Enterprise in the virtual machine and see if it has been forwarded to the Splunk Enterprise on the physical computer.

After loading data into the Splunk Enterprise in the virtual machine, go to Splunk Enterprise on the physical computer:

1. Click “Search & Reporting”.
2. You should see that Latest Event is a few seconds ago.
3. Click Data Summary and you will see the source the data comes from (“Heavy Forwarder” is the computer name of my virtual machine and also of the Splunk Enterprise instance).
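
The same check can be made from the receiver's own logs. The script below is an added example, not part of the original post: it summarises which forwarders connected to the receiver and whether each one is a heavy forwarder. It assumes the receiver's metrics.log records inbound connections as `group=tcpin_connections` lines with `hostname`, `fwdType`, `kb` and `ssl` fields; the sample lines, addresses, port and the `ExampleUF` host are constructed.

```python
import re

# Constructed sample lines in the style of a receiver's metrics.log; all values are made up.
SAMPLE_METRICS = """\
07-01-2018 10:15:02.101 +0800 INFO  Metrics - group=tcpin_connections, 192.168.56.101:49812:9997, connectionType=cooked, sourceIp=192.168.56.101, destPort=9997, kb=35.25, version=7.1.1, hostname=HeavyForwarder, fwdType=full, ssl=false
07-01-2018 10:15:02.102 +0800 INFO  Metrics - group=queue, name=parsingqueue, max_size_kb=6144, current_size_kb=0
07-01-2018 10:15:33.104 +0800 INFO  Metrics - group=tcpin_connections, 192.168.56.101:49812:9997, connectionType=cooked, sourceIp=192.168.56.101, destPort=9997, kb=12.50, version=7.1.1, hostname=HeavyForwarder, fwdType=full, ssl=false
07-01-2018 10:15:33.209 +0800 INFO  Metrics - group=tcpin_connections, 192.168.56.102:50111:9997, connectionType=cooked, sourceIp=192.168.56.102, destPort=9997, kb=4.00, version=7.1.1, hostname=ExampleUF, fwdType=uf, ssl=false
"""

FIELD_RE = re.compile(r"(\w+)=([^,\s]+)")
# fwdType values reported by the receiver, mapped to forwarder kinds.
FWD_TYPES = {"full": "heavy", "uf": "universal", "lwf": "light"}


def summarize_connections(text):
    """Return {hostname: {"kind", "kb", "ssl"}} from tcpin_connections lines."""
    summary = {}
    for line in text.splitlines():
        if "group=tcpin_connections" not in line:
            continue  # ignore queue, pipeline and other metrics groups
        fields = dict(FIELD_RE.findall(line))
        host = fields.get("hostname") or fields.get("sourceIp", "unknown")
        entry = summary.setdefault(host, {"kind": "unknown", "kb": 0.0, "ssl": False})
        entry["kind"] = FWD_TYPES.get(fields.get("fwdType", ""), "unknown")
        entry["kb"] += float(fields.get("kb", 0))  # total data received from this host
        entry["ssl"] = fields.get("ssl") == "true"  # False: forwarded data is not encrypted in transit
    return summary


def heavy_forwarders(summary):
    """Hostnames that connected as full Splunk Enterprise (heavy) forwarders."""
    return sorted(h for h, e in summary.items() if e["kind"] == "heavy")


if __name__ == "__main__":
    for host, e in summarize_connections(SAMPLE_METRICS).items():
        print(f"{host}: {e['kind']} forwarder, {e['kb']:.2f} KB received, ssl={e['ssl']}")
```
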

 

Other useful links:

Splunk Tutorial 08: Installing Universal Splunk Forwarder and Setup Splunk Receiver

Splunk Tutorial 02 : How to install Splunk 7.1.1

How to Create a free Virtual computer for learning purposes?

 
