All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Configure Splunk Add-on for Salesforce to forward to index cluster

gordo32
Communicator
‎01-04-2018 09:24 AM

I've been using Splunk as standalone for quite awhile, but I'm pretty new to Splunk Clustering. In my config, I have a 3 node cluster (2 peers, and 3rd node is both Cluster Master & Search Head).

I'm trying to understand, for Add-Ons such as Salesforce, how I ensure data is forwarded to an Index Cluster. I know on a Universal Forwarder that I can setup Indexer Discovery, and I have this working using /etc/system/local/outputs.conf.

Is the same solution the only way to forward from Add-ons like SalesForce from a Heavy Forwarder? This limits me to needing to dedicate one HF per cluster doesn't it? For example, from one HF I can't forward SalesForce data to one index cluster, and Cisco data to a different cluster.

If I'm right, and HF must be per cluster, can the cluster search head be used such that it's dual-purposed as Search Head and Heavy Forwarder using Indexer Discovery to itself?

Thanks.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...