Splunk – Indexer
This is the engine that is in charge of processing machine data, stores the results in indexes as events. This is what allows enabling fast searches and analysis
As data is indexed, Splunk creates files organized in sets of directories by age.
Splunk – Search Head
Splunk has its own Search language, which we will be documenting here in the series as it progresses, in this case, the Search head allows users to search the indexed data. Distributes user search requests to the indexers, and helps consolidate the results based on Field Value Pairs. There is a multitude of different commands and functions that can be used to extract data or put it in a format that can be understood easily.
The search head also provides different tools to interpret the data, provides reporting, dashboards, and multiple visualizations.
Splunk – Forwarders
Forwarders are the instances that will send data directly into Splunk, for example, an agent installed on a web server that collects information or logs from the certain application of the server and sends it to the Splunk deployment for Indexing by the Indexer service.
What is next?
Splunk Deployments
About the Author:
Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 15 years of experience, Andres is specialized in Unified Communications and Collaboration technologies. Consulted for several companies in South Florida, also Financial Institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations including Cisco technologies; such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.