Can you please provide steps to configure/enable heavy forwarder for Splunk Add-on for Amazon Web Services in distributed environment.
We have configured the $SPLUNK_HOME/etc/system/local/outputs.conf with SSL in search head to forward the aws data collected from Add-on to indexer node. Also created required indexes in indexer nodes.
defaultGroup = splunkssl
server = indexer1.abcunit.com:9997
compressed = true
sslCertPath = $SPLUNKHOME/etc/certs/forwarder.pem
sslPassword = $as#$353dgsdt%23a
sslRootCAPath = $SPLUNKHOME/etc/certs/cacert.pem
View solution in original post