Consider an environment using intermediate Forwarders as described in http://docs.splunk.com/Documentation/Splunk/6.2.2/Forwarding/Protectagainstlossofin-flightdata#When_...
In this environment, the last Forwarder sends data to a third-party system only, as described in http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Forwarddatatothird-partysystemsd
[Source] >>>>> [Forwarder 1] >>>>> [Forwarder 2] >>>>> [Non-Splunk]
We want to ensure that all data that arrives at Forwarder 1 is successfully received by Forwarder 2.
If we enable Indexer Acknowledgement, will Forwarder 2 send acknowledgements as soon as it has sent the data to the non-Splunk receiver? Or is this only possible if Forwarder 2 is sending data to a Splunk Enterprise Indexer?
Thanks in advance
Dave
According to the document you linked, if there is no acknowledgement coming from the non-Splunk receiver to Forwarder 2, then the Acknowledgement from Forwarder 2 to Forwarder 1 is only around that part of the chain. So Forwarder 2 will acknowledge receipt of data from Forwarder 1, but that does not guarantee that the data was successfully sent to the non-splunk destination.