1
00:00:02,310 --> 00:00:09,750
The third component of Splunk in our list is the universal forwarder, which is also referred as Splunk

2
00:00:09,780 --> 00:00:10,470
agent.

3
00:00:10,500 --> 00:00:17,090
The universal forwarder are used to collect data from remote data sources.

4
00:00:17,100 --> 00:00:22,680
When I say remote data sources, it can be anything that is holding data.

5
00:00:22,710 --> 00:00:27,930
It can be a flat file, log files, scripts, or database logs.

6
00:00:27,930 --> 00:00:29,160
Web server logs.

7
00:00:29,310 --> 00:00:32,110
Any remote machine with just data.

8
00:00:32,130 --> 00:00:39,990
We can install a universal forwarder to fetch that data and feed it to our Splunk environment for further

9
00:00:39,990 --> 00:00:40,650
processing.

10
00:00:40,980 --> 00:00:45,180
The universal forwarder is a lightweight package.

11
00:00:45,210 --> 00:00:50,910
All it can do is to fetch the data and send to other Splunk instances.

12
00:00:50,940 --> 00:00:57,480
It can also run scripts to collect the data on local or remote machines.

13
00:00:57,600 --> 00:01:05,670
Installation of universal forwarder for collecting data is highly recommended for fetching data from

14
00:01:05,670 --> 00:01:07,080
the remote machines.

15
00:01:09,150 --> 00:01:18,210
It has very little overhead on CPU and RAM, which is negligible when consider to other processes to

16
00:01:18,210 --> 00:01:26,640
define universal for what it is a lightweight component of Splunk, which fetches the data from flat

17
00:01:26,640 --> 00:01:34,600
files or scripts and sends it to other components of Splunk for processing of the data.

18
00:01:34,620 --> 00:01:35,940
Further up the chain.