SOC Experts Community - Beta
0 like 0 dislike
in SIEM by (190 points)

2 Answers

0 like 0 dislike
by (5.9k points)
The universal forwarder, supersedes light forwarder with similar functionalities. The light forwarder has been disapproved but continues to be available mainly to meet legacy needs and most of the features disabled.
0 like 0 dislike
by (810 points)

Light Forwarder is also full Splunk enterprise instance, with more features disabled or much more limited functionality and it has a smaller footprint (Memory, CPU Load).

It forwards only Unparsed data.  

SOC Experts - No. 1 Job Oriented Cybersecurity Training Program

View our Courses