Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can I forward the same log files on the Forwarder to two different Splunk Enterprise?

lctanlc
New Member
‎05-28-2017 08:10 PM

On the WEB01 and WEB02 servers, I have installed Splunk Forwarder and successfully forwarded the following log files to a APP server that was installed with Splunk Enterprise:

On WEB01 server, D:\log\application1.log
On WEB01 server, D:\log\application2.log
On WEB02 server, D:\log\application1.log
On WEB02 server, D:\log\application2.log

I am now being told to also forward these files to another ENT server, which was installed with a later version of Splunk Enterprise. May I know how should I go about doing such without impacting the original forwarding to the APP server?

Tags (1)
0 Karma
Reply

gjanders
SplunkTrust
SplunkTrust
‎05-30-2017 04:26 PM

aakwah's answer is valid, I'm just providing some official links.

Data Cloning in the splexicon and/or also refer to the configure data cloning section of outputs.conf

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply

aakwah
Builder
‎05-29-2017 06:20 AM

Hello,

In outputs.conf of forwarders, you can have something like this:

[tcpout]
defaultGroup=indexer1,indexer2

[tcpout:indexer1]
server=10.1.1.197:9997

[tcpout:indexer2]
server=10.1.1.200:9997

Regards

0 Karma
Reply

lctanlc
New Member
‎05-29-2017 09:07 PM

Hi! Will I need to restart anything for the modified outputs.conf file to take effect on the forwarders? How do I go about restarting it?

0 Karma
Reply

ggssa2000
Explorer
‎05-29-2017 09:52 PM

go to the cmd line and type: $SPLUNK_HOME/bin/splunk restart

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...