Information Security and Network Awareness

Hurricane Labs

Subscribe to Hurricane Labs: eMailAlertsEmail Alerts
Get Hurricane Labs: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Haiti EarthQuake

Blog Feed Post

A Splunk Tutorial: How To Migrate a Universal Forwarder to a Heavy Forwarder

In this screencast, one of Hurricane Labs’ Splunk Administrators and Security Operations Analysts, Jeremy Nenadal walks you through a “How-To” for turning a Universal Forwarder into a Heavy Forwarder in Splunk. Performing this upgrade can be beneficial to your organization for a variety of reasons. 

You may want to perform this migration because:

  • A universal forwarder may not be able to fulfill the needs of your growing organization
  • A software you’re installing may require a heavy forwarder with the additional features a universal forwarder lacks

Watch the screencast tutorial below for the full details of how to perform this upgrade.

This simple step-by-step process involves:

  • stop the universal forwarder
  • install new forwarder software
  • (if running Windows)
    stop that forwarder from running
  • copy over needed files
  • start new forwarder back up again

The reason for this particular process, is to prevent re-indexing of files. If you uninstall and then reinstall the new version you will end up re-indexing files, which you don’t want to do.

If you’re looking for a little more information on the different types of forwarders, check out “Splunk Enterprise Forwarding Data: Types of forwarders.” Also, if you want to see how Hurricane Labs and Splunk work together, visit our HDSI, Splunk Managed Services, and Splunk’d Security Solutions pages!

Read the original blog entry...

More Stories By Hurricane Labs

Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.