Can you please provide steps to configure/enable a heavy forwarder for the Splunk Add-on for Amazon Web Services in a distributed environment?
We have configured $SPLUNK_HOME/etc/system/local/outputs.conf with SSL on the search head to forward the AWS data collected by the Add-on to the indexer node. We have also created the required indexes on the indexer nodes.
outputs.conf:
[tcpout]
defaultGroup = splunkssl
[tcpout:splunkssl]
server = indexer1.abcunit.com:9997
compressed = true
[tcpout-server://indexer1.abcunit.com:9997]
sslCertPath = $SPLUNK_HOME/etc/certs/forwarder.pem
sslPassword = $as#$353dgsdt%23a
sslRootCAPath = $SPLUNK_HOME/etc/certs/cacert.pem