sending splunk db connect data to another indexing...

All Apps and Add-ons

I was hoping you can change just specific inputs in DB connect to send to a different indexing cluster. I do not see a outputs.conf in the db connect app files and i am not sure where to place something like a "_TCP_ROUTING = blah". has any one else accomplished this before?

This is how i have been doing it for syslogs-
outputs.conf in my HWF for syslogs:
[tcpout:idxbankA]
server = splunkidx01.bla.org:9993, splunkidx02.bla.org:9993, splunkidx03.bla.org:9993, splunkidx04.blah.org:9993
autoLBFrequency = 7
forceTimebasedAutoLB = true

inputs.conf
[udp://100.10.10.10:514]
index = blah
sourcetype = blah_blah_blah
connection_host = ip
disabled = 0
_TCP_ROUTING = idxbankA

Then they just send to a intermediate forwarder and get passed to different indexers in the _TCP_ROUTING = idxbankA. It works well so far.

For the UF's i just changed the outputs.conf via a deployment app to send to: splunkidx01.bla.org:9993, splunkidx02.bla.org:9993, splunkidx03.bla.org:9993, splunkidx04.blah.org:9993.

Get Updates on the Splunk Community!

sending splunk db connect data to another indexing cluster

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

sending splunk db connect data to another indexing cluster

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...