From my previous blog – Splunk Tutorial 07: Different type of forwarders in Splunk – I have mentioned there are three type of forwarder in Splunk. Today I am going to demonstrate how to setup a heavy forwarder.
Basically a heavy forwarder is simply a full instance of Splunk Enterprise with Splunk Forwarder license.
Therefore following is my computer setting:
The left browser is to the Splunk Enterprise of my physical laptop while the virtual machine on the right bottom corner is the virtual machine where I have just set up a full Splunk Enterprise also I have already setup a receiver in my physical computer during my previous blog when setting up the Splunk Universal Forwarder.
Just for your information:
Following is the steps to setup Splunk Heavy Forwarder.
At now, the heavy forwarder have been setup completely.
To test the setup, let’s following the instruction from “Splunk Tutorial 05: How to upload data into Splunk” to add some data to the Splunk Enterprise in the virtual machine and see if they have been forwarded to the Splunk Enterprise in the physical computer.
After loaded data into the Splunk Enterprise in the virual machine, goto Splunk Enterprise in the physical computer
Other useful link: