The universal forwarder (UF) should be used whenever possible, as it is smaller and more efficient. In which of the following scenarios would a heavy forwarder (HF) be a more appropriate choice?
A heavy forwarder (HF) would be a more appropriate choice than a universal forwarder (UF) when a predictable version of Python is required. This is because the HF includes a bundled version of Python that can be used to run scripts or custom commands, whereas the UF does not include Python and relies on the system version. This can cause compatibility issues or unexpected results if the system version of Python is different from the one expected by the script or command. Therefore, using an HF can ensure that the script or command runs consistently and reliably with the same version of Python.
References:
[Splunk Certification Exam Study Guide], page 13
[Splunk Documentation: About forwarding and receiving data]
[Splunk Documentation: About Splunk Enterprise forwarders]