Write different types of Splunk forwarder.

1.	Write different types of Splunk forwarder.
Answer» A forwarder is a Splunk instance or agent you deploy on IT systems, which collects machine logs and sends them to the indexer. You can choose between two types of forwarders: Universal Forwarder: A universal forwarder is ideal for sending raw data collected at the source to an indexer without any prior processing. Basically, it's a component that performs minimal processing before forwarding incoming data streams to an indexer. ALTHOUGH it is faster, it also results in a LOT of unnecessary information being forwarded to the indexer, which will result in higher performance overhead for the indexer. Heavy Forwarder: You can eliminate half of your problems using a heavy forwarder since one LEVEL of data processing happens at the source before forwarding the data to the indexer. Parsing and indexing take place on the source machine and only data EVENTS that are parsed are sent to the indexer.

Answer»

A forwarder is a Splunk instance or agent you deploy on IT systems, which collects machine logs and sends them to the indexer. You can choose between two types of forwarders:

Universal Forwarder: A universal forwarder is ideal for sending raw data collected at the source to an indexer without any prior processing. Basically, it's a component that performs minimal processing before forwarding incoming data streams to an indexer. ALTHOUGH it is faster, it also results in a LOT of unnecessary information being forwarded to the indexer, which will result in higher performance overhead for the indexer.
Heavy Forwarder: You can eliminate half of your problems using a heavy forwarder since one LEVEL of data processing happens at the source before forwarding the data to the indexer. Parsing and indexing take place on the source machine and only data EVENTS that are parsed are sent to the indexer.

Write different types of Splunk forwarder.

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment