Hi All, As a newbie I have a question regarding App for Windows Infrastructure. We have a single instance of Splunk Enterprise on Linux. I have gone through other threads on this subject before asking this Q. Based on its documentation as shown in the image, it says the app collects data from Windows systems using "Splunk Add-on for Windows" & from Active Directory using "Splunk Add-on for AD". My question is where does the "Universal forwarder" that gets deployed on the servers come into the picture then, if the "Add-on" components are doing the same job? What is the point of installing UF then?
Their doc also mentions to install Universal forwarder on Windows systems that we want to monitor. I see that as redundant then, unless someone can pls clarify its use in this scenario. I need to monitor Active Directory in our environment and I am tempted to use this App for Infrastructure. How do you guys use this in your environment? Does it work alongside UF or does it work in place of UF?
![alt text][1]
Neeraj
[1]: /storage/temp/252233-capture.jpg