This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Architecture Options
Backend Placement
Applies to: Splunk and alternative backends.
The backend service required by uberAgent can be installed or consumed in any setup that is supported by the backend product vendor. This includes:
- On-premises (physical or virtual machine)
- Backend vendor cloud offering such as Splunk Cloud
- Public cloud IaaS (virtual machine in a cloud such as AWS EC2, Azure VMs)
Note: vast limits does not operate backend servers for data storage and visualization. Backend servers such as Splunk are always operated by vast limits’ customers or partners.
Endpoint to Backend Communication
Recommended: Direct
Applies to: Splunk and alternative backends.
In this recommended configuration uberAgent talks directly to the backend servers. This has the advantage that the overall footprint on the monitored endpoints is smaller compared to architecture options that require Splunk Universal Forwarder.
Configuration highlights
- Communications: uberAgent sends data directly from the endpoint to the backend servers
- Splunk backends: on the indexers, either a TCP port is opened or HTTP Event Collector is configured
- Alternative backends: uberAgent makes use of the backend’s native REST API
Pros
- Smallest footprint
- Data can be transferred encrypted via HTTPS and authenticated with a REST token
Alternative: Via Splunk Universal Forwarder
Applies to: Splunk backends only.
Note
Please note that with this configuration option, data is transmitted unencrypted over TCP from uberAgent to Splunks Universal Forwarder on the local machine. Therefore, we recommend that you use the direct connection as described before, which enables encrypted and authenticated data transmission.
Similar to Standalone mode, but uberAgent sends the data it collects to a locally installed Splunk Universal Forwarder. If you have deployed Universal Forwarder on your monitored endpoints anyway you might want the forwarder to handle all Splunk communications.
Configuration highlights
- Communications: uberAgent sends data to the local forwarder’s TCP port which in turn sends data to the Splunk indexers
- Splunk Universal Forwarder: a TCP port is opened on each endpoint (for local access only)
Pros
- All Splunk communications are handled by Splunk components
- Additional data can be collected via Universal Forwarder (log files, Windows event logs, scripts)
- Collected data can optionally be persisted to disk before sending off to Splunk
Cons
- Larger footprint than the recommended architecture
- On the local machine, data is sent unencrypted and unauthenticated over TCP
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.