Which Splunk indexer operating system platform is supported when sending logs from a Windows universal forwarder?
Which Splunk indexer operating system platform is supported when sending logs from a Windows universal forwarder?
Logs from a Windows universal forwarder can be sent to a Splunk indexer on any supported operating system platform. The forwarder and indexer communicate over TCP, making them platform agnostic as long as the operating systems are within the supported platforms.
As per "data administrator" pdf about windows input "–Data can be forwarded to any Splunk indexer on any OS platform"
Yup, Pag: 185
The answer is A. Regardless of the OS host the forwarder/indexer; from the forwarder box configure IP address of the indexer(s) and replication port 9997.
Option A is correct
This question is tricky It's not B & C A is confusing its support all OS (within the sphere of supported platforms) So it's could be D but I will go with A See below link for more details https://answers.splunk.com/answers/153612/what-is-the-best-way-to-get-data-from-a-linux-forwarder-to-a-windows-indexer.html
Agreed A. Quoting the provided Splunk Reference URL "The forwarder/indexer relationship can be considered platform agnostic (within the sphere of supported platforms) because they exchange their data handshake (and the data, if you wish) over TCP.
A. Any OS platform.
A is correct. Never use a windows deployment-server to manage Linux hosts, it's unsupported
A is correct
I think the UF has to be Windows specific for windows events/inputs but indexer can run any OS platform
As per "data administrator" pdf about windows input "–Data can be forwarded to any Splunk indexer on any OS platform"
Data can be forwarded to any Splunk indexer on any OS platform
Data can be forwarded to any Splunk indexer on any OS platform