Forwarding all events from a Splunk Instance

npatellis — Tue, 15 Mar 2011 00:46:47 GMT

I am using Splunk to collect logs from a diverse environment. The same events, or at least a large subset, need to be forwarded to security event integration management device. What I want to avoid is having a Windows server send logs to two security devices - Splunk and the security event manager. Is it possible to have Splunk collect while also forwarding?

Re: Forwarding all events from a Splunk Instance

I-Man — Tue, 15 Mar 2011 00:58:21 GMT

Yes it is. This link should lead you in the right direction.

http://www.splunk.com/base/Documentation/4.1.6/Admin/Forwarddatatothird-partysystems

I am forwarding almost all of our data to an IDS. We did filter some junk out prior to being indexed or forwarded. The following link will help you filter out some of the data that you do not want to forward.

http://www.splunk.com/base/Documentation/4.1.5/Admin/Routeandfilterdata#Filter_event_data_and_send_to_queues

I-Man

topic Forwarding all events from a Splunk Instance in Getting Data In

Forwarding all events from a Splunk Instance

Re: Forwarding all events from a Splunk Instance