How best could this agent be used to instrument a JVM in the cloud ? (AWS) - how could we encrypt the data streamed to an on-prem instance of Splunk ?
via HEC ? we also intend to deploy a UF in the env to collect os (linux metrics etc) can you send the instrumented data to the UF then send that back to the on-prem instance ?
gratzi
Re: the JVM Agent...the example configuration file that ships with the agent shows how to use HEC as the transport
Re: forwarding options from a UF , outputs.conf reference is your friend 🙂 So you could forward cooked or uncooked data over TCP back to your on-premise indexers (firewalls permitting of course).
Re: the JVM Agent...the example configuration file that ships with the agent shows how to use HEC as the transport
Re: forwarding options from a UF , outputs.conf reference is your friend 🙂 So you could forward cooked or uncooked data over TCP back to your on-premise indexers (firewalls permitting of course).
Thanks Damien - as both provide a solution - which would you use as a preference?
i would go with sending to the UF > index tier as that would require less config, a single data channel, less FW config?
would you concur?
I concur , simplest and least moving parts is always best.