是否在每台生成日志的机器上都安装了 splunk 转发器?
[英]Are splunk forwarders installed on every machine that generates log?
问题描述
I am trying to understand the splunk architecture and am confused by the articles on the topic.
我正在尝试了解 splunk 架构,但对有关该主题的文章感到困惑。
I understand that forwarders retrieve information from the physical log files and forward those to indexers but what I don't understand is how forwarders achieve this.我了解转发器从物理日志文件中检索信息并将其转发给索引器,但我不明白转发器如何实现这一点。
More specifically:进一步来说:
- Do you need to install a forwarder onto every machine, virtual or physical, which generates log files which can push this information to the indexers or can there be a central forwarder which can connect to various application hosts and pull in the log information to forward to indexers or are both options available?您是否需要在每台虚拟机或物理机上安装一个转发器,它会生成可以将此信息推送到索引器的日志文件,或者是否有一个中央转发器可以连接到各种应用程序主机并提取日志信息以转发到索引器还是两个选项都可用?
Any feedback would be greatly appreciated.任何反馈将不胜感激。
Thanks,谢谢,
Bob鲍勃
1 个解决方案
解决方案1
0 2022-08-25 20:10:36
It can be done either way.它可以通过任何一种方式完成。 Best Practice is to put a forwarder as close to the source of the data as possible.最佳实践是将转发器放置在尽可能靠近数据源的位置。 That would mean installing a UF on the machine from which logs will be indexed.这将意味着在将从其索引日志的机器上安装一个 UF。 This usually is the simplest method.这通常是最简单的方法。
One can use a central forwarder that collects logs from several hosts.可以使用从多个主机收集日志的中央转发器。 Care should be taken to ensure the correct host name is associated with each log.应注意确保正确的主机名与每个日志相关联。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.