Solved: how to configure/enable heavy forwarder for Splun...

dhavamanis · ‎01-22-2015

Can you please provide steps to configure/enable heavy forwarder for Splunk Add-on for Amazon Web Services in distributed environment.

dhavamanis · ‎02-18-2015

We have configured the $SPLUNK_HOME/etc/system/local/outputs.conf with SSL in search head to forward the aws data collected from Add-on to indexer node. Also created required indexes in indexer nodes.

outputs.conf:

[tcpout]
defaultGroup = splunkssl

[tcpout:splunkssl]
server = indexer1.abcunit.com:9997
compressed = true

[tcpout-server://indexer1.abcunit.com:9997]
sslCertPath = $SPLUNK_HOME/etc/certs/forwarder.pem
sslPassword = $as#$353dgsdt%23a
sslRootCAPath = $SPLUNK_HOME/etc/certs/cacert.pem

View solution in original post

dhavamanis · ‎02-18-2015

We have configured the $SPLUNK_HOME/etc/system/local/outputs.conf with SSL in search head to forward the aws data collected from Add-on to indexer node. Also created required indexes in indexer nodes.

outputs.conf:

[tcpout]
defaultGroup = splunkssl

[tcpout:splunkssl]
server = indexer1.abcunit.com:9997
compressed = true

[tcpout-server://indexer1.abcunit.com:9997]
sslCertPath = $SPLUNK_HOME/etc/certs/forwarder.pem
sslPassword = $as#$353dgsdt%23a
sslRootCAPath = $SPLUNK_HOME/etc/certs/cacert.pem

how to configure/enable heavy forwarder for Splunk Add-on for Amazon Web Services in distributed environment

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life