The Universal Forwarder is a dedicated Splunk package used wherever data needs to be collected directly from endpoints. Forwarders are lightweight and secure, and can be deployed to provide real-time data collection from tens of thousands of sources. Use the Universal Forwarder to monitor local application log files, capture the output of status commands on a schedule, grab performance metrics from virtual or non-virtual sources, or watch the file system for configuration, permissions and attribute changes.