[英]Are splunk forwarders installed on every machine that generates log?
I am trying to understand the splunk architecture and am confused by the articles on the topic.我正在尝试了解 splunk 架构,但对有关该主题的文章感到困惑。
I understand that forwarders retrieve information from the physical log files and forward those to indexers but what I don't understand is how forwarders achieve this.我了解转发器从物理日志文件中检索信息并将其转发给索引器,但我不明白转发器如何实现这一点。
More specifically:进一步来说:
Any feedback would be greatly appreciated.任何反馈将不胜感激。
Thanks,谢谢,
Bob鲍勃
It can be done either way.它可以通过任何一种方式完成。 Best Practice is to put a forwarder as close to the source of the data as possible.
最佳实践是将转发器放置在尽可能靠近数据源的位置。 That would mean installing a UF on the machine from which logs will be indexed.
这将意味着在将从其索引日志的机器上安装一个 UF。 This usually is the simplest method.
这通常是最简单的方法。
One can use a central forwarder that collects logs from several hosts.可以使用从多个主机收集日志的中央转发器。 Care should be taken to ensure the correct host name is associated with each log.
应注意确保正确的主机名与每个日志相关联。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.