Usually, to get data from your customer site to Splunk Cloud Platform, you use a forwarder.Ī forwarder is a version of Splunk Enterprise optimized to send data. The best way to get data in depends on the source of the data and what you intend to do with it. There are a few different ways to get data into Splunk Cloud Platform: forwarders, HTTP Event Collector (HEC), apps and add-ons, or the Inputs Data Manager (IDM). This section is designed to help you make decisions about the best way to get data into your Splunk Cloud Platform instance. Tools to get data into Splunk Cloud Platform See also the Data Manager for Splunk Cloud Platform User Manual. Monitor First In, First Out (FIFO) queues.
#FREE IDM MAC SUPPORT AUTHENTICATION WINDOWS#
Monitor Windows data with the Splunk platform.Splunk Cloud accepts a wide variety of data, and can also monitor relational databases and third-party infrastructures.įor more information, see the following sections in the Getting Data In manual: Types of data that Splunk Cloud Platform accepts For more information, see Work with forwarders. Its main limitation is that it forwards unparsed data, except in certain cases, such as structured data. In most situations, the universal forwarder is the best way to forward data to indexers. The universal forwarder does not support Python and does not expose a UI. The universal forwarder is a dedicated, streamlined version of Splunk Enterprise that contains only the essential components needed to forward data. To forward data to Splunk Cloud Platform, you typically use the Splunk universal forwarder. For more information about add-ons, see About Splunk add-ons. Add-ons support and extend the functionality of the Splunk platform and the apps that run on it, usually by providing inputs for a specific technology or vendor. For more information, see Why source types matter.Ī Splunk app is an application that runs on the Splunk platform and typically addresses several use cases.
#FREE IDM MAC SUPPORT AUTHENTICATION SOFTWARE#
It tells Splunk software what kind of data you have, so that it can format the data intelligently during indexing. To determine if your deployment has the Classic or Victoria experience, see Determine your Splunk Cloud Platform Experience.įor more information, see search head and search head cluster in the Splexicon.Ī source type is one of the critical default fields that Splunk software assigns to all incoming data.
If your deployment is on Victoria Experience you can run add-ons that contain scripted and modular inputs directly on the search head. Splunk Cloud Platform deployments on Victoria Experience do not require IDM. It is intended for use with cloud data sources or when using add-ons that require inputs on the search tier. The Inputs Data Manager (IDM) is a component of your Splunk Cloud Platform environment optimized for data ingestion. For more information about indexes, see Manage Splunk Cloud Platform Indexes. When the Splunk platform indexes raw data, it transforms the data into searchable events. The index is the repository for your data. For a more detailed description of the components of a deployment server, see Deployment Server Architecture.
The deployment server is hosted on your premises or your Cloud environment (such as AWS or Azure). You should also review the Splunk Cloud Platform information in the Getting Data In manual.Ī deployment server is a Splunk Enterprise instance that acts as a centralized configuration manager for any number of forwarders, called "deployment clients". This topic provides an overview of those methods.įundamental Splunk and Splunk Cloud Platform conceptsīefore attempting to get data into your Splunk Cloud Platform deployment, you should have a solid understanding of certain Splunk and Splunk Cloud Platform concepts. Splunk Cloud Platform administrators can add data to their Splunk Cloud Platform deployment using a variety of methods.
0 kommentar(er)
