Splunk Enterprise Certified Admin Changed SPLK-1003 Questions

Scroll down to the section Titled, How to configure forwarder inputs, and subsection Here are the main ways that you can configure data inputs on a forwarder Install the app or add-on that contains the inputs you wants

Immediately after installation, a universal forwarder will start generating internal Splunk logs that contain information about its own operation, such as configuration changes, data inputs, and forwarding activities1. These logs are stored in the $SPLUNK_HOME/var/log/splunk directory on the universal forwarder machine1. The universal forwarder will not automatically detect any indexers in its subnet and begin routing data, as it needs to be configured with the IP address and port number of the indexer or the deployment server2. The universal forwarder will not begin reading local files on its server, as it needs to be configured with the data inputs that specify which files or directories to monitor2. The universal forwarder will not send an email to the operator that the installation process has completed, as this is not a default behavior of the universal forwarder and would require additional configuration3.

https://docs.splunk.com/Documentation/Splunk/8.2.2/Admin/Distdeploylicenses#:~:text=License%20requirements,do%20not%20index%20external%20data.

"All Splunk Enterprise instances functioning as management components needs access to an Enterprise license. Management components include the deployment server, the indexer cluster manager node, the search head cluster deployer, and the monitoring console."

"The deployment server is the tool for distributing configurations, apps, and content updates to groups of Splunk Enterprise instances."