I know it is possible to install a UF on the same machine as my Splunk instance as stated in these posts:
1. https://answers.splunk.com/answers/131245/running-a-universal-forwarder-on-the-same-server-as-the-enterprise-server.html
2. https://answers.splunk.com/answers/471936/install-both-universal-forwarder-and-splunk-enterp.html
but I will like to know if there are notable reasons why to do so or not.
- Are there any benefits to having both on the same machine or otherwise?
- What is the best practice and why is that so?
- Which approach is most prone to errors?
Thanks in advance! :)
↧