Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can I forward the same log files on the Forwarder to two different Splunk Enterprise?

lctanlc
New Member
‎05-28-2017 08:10 PM

On the WEB01 and WEB02 servers, I have installed Splunk Forwarder and successfully forwarded the following log files to a APP server that was installed with Splunk Enterprise:

On WEB01 server, D:\log\application1.log
On WEB01 server, D:\log\application2.log
On WEB02 server, D:\log\application1.log
On WEB02 server, D:\log\application2.log

I am now being told to also forward these files to another ENT server, which was installed with a later version of Splunk Enterprise. May I know how should I go about doing such without impacting the original forwarding to the APP server?

Tags (1)
0 Karma
Reply

gjanders
SplunkTrust
SplunkTrust
‎05-30-2017 04:26 PM

aakwah's answer is valid, I'm just providing some official links.

Data Cloning in the splexicon and/or also refer to the configure data cloning section of outputs.conf

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply

aakwah
Builder
‎05-29-2017 06:20 AM

Hello,

In outputs.conf of forwarders, you can have something like this:

[tcpout]
defaultGroup=indexer1,indexer2

[tcpout:indexer1]
server=10.1.1.197:9997

[tcpout:indexer2]
server=10.1.1.200:9997

Regards

0 Karma
Reply

lctanlc
New Member
‎05-29-2017 09:07 PM

Hi! Will I need to restart anything for the modified outputs.conf file to take effect on the forwarders? How do I go about restarting it?

0 Karma
Reply

ggssa2000
Explorer
‎05-29-2017 09:52 PM

go to the cmd line and type: $SPLUNK_HOME/bin/splunk restart

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...