All Apps and Add-ons
Highlighted

how to configure/enable heavy forwarder for Splunk Add-on for Amazon Web Services in distributed environment

Builder

Can you please provide steps to configure/enable heavy forwarder for Splunk Add-on for Amazon Web Services in distributed environment.

0 Karma
Highlighted

Re: how to configure/enable heavy forwarder for Splunk Add-on for Amazon Web Services in distributed environment

Builder

We have configured the $SPLUNK_HOME/etc/system/local/outputs.conf with SSL in search head to forward the aws data collected from Add-on to indexer node. Also created required indexes in indexer nodes.

outputs.conf:

[tcpout]
defaultGroup = splunkssl

[tcpout:splunkssl]
server = indexer1.abcunit.com:9997
compressed = true

[tcpout-server://indexer1.abcunit.com:9997]
sslCertPath = $SPLUNKHOME/etc/certs/forwarder.pem
sslPassword = $as#$353dgsdt%23a
sslRootCAPath = $SPLUNK
HOME/etc/certs/cacert.pem

View solution in original post

0 Karma