Hi experts,
Trying to deploy a HF and forward logs to 2 different indexers (clone data).
I have 2 UFs feeding Windows and syslog logs respectively to a HF.
This is my HF output conf; I think there is something wrong here, as I can only see logs at my indexer1:
[tcpout]
defaultGroup=windows,syslog
[tcpout:windows,syslog]
server=indexer1 ip:9997
[tcpout:windows,syslog]
server=indexer2 ip:9997
Appreciate any help.
Hi @siuolkl,
don't use default group:
[tcpout]
[tcpout:ABC_1]
server=indexer1_ip:9997
[tcpout:ABC_2]
server=indexer2_ip:9997
Remember that the group names in the stanza headers (tcpout:...) must be different, not the same.
Ciao.
Giuseppe
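A small check for the two problems visible in the question's config (a repeated stanza header, and defaultGroup names that match no [tcpout:<name>] stanza), as an added example that is not part of the original thread or of Splunk. The function name lint_outputs and the sample host names are assumptions, and the parser handles only the simple key=value layout shown in this thread.

```python
import re
from collections import Counter

# Constructed samples modelled on the two configs in this thread.
ASKER_CONF = """[tcpout]
defaultGroup=windows,syslog
[tcpout:windows,syslog]
server=indexer1_ip:9997
[tcpout:windows,syslog]
server=indexer2_ip:9997
"""
ANSWER_CONF = """[tcpout]
[tcpout:ABC_1]
server=indexer1_ip:9997
[tcpout:ABC_2]
server=indexer2_ip:9997
"""

def lint_outputs(text):
    """Return a list of findings for the tcpout stanzas in outputs.conf text."""
    headers, default_groups, servers, current = [], [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:  # stanza header such as [tcpout:ABC_1]
            current = m.group(1)
            headers.append(current)
            continue
        key, value = (s.strip() for s in line.partition("=")[::2])
        if current == "tcpout" and key == "defaultGroup":
            default_groups = [g.strip() for g in value.split(",") if g.strip()]
        elif current and current.startswith("tcpout:") and key == "server":
            servers[current[len("tcpout:"):]] = value
    findings = []
    for name, n in Counter(headers).items():
        if n > 1:  # same header twice: not two separate target groups
            findings.append(f"duplicate stanza [{name}] appears {n} times")
    groups = {h[len("tcpout:"):] for h in headers if h.startswith("tcpout:")}
    for g in default_groups:
        if g not in groups:  # defaultGroup names must match a stanza name
            findings.append(f"defaultGroup entry '{g}' has no [tcpout:{g}] stanza")
    for g in sorted(groups - set(servers)):
        findings.append(f"group '{g}' has no server setting")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_outputs(ASKER_CONF)))
```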
Hi @siuolkl,
good for you, see you next time!
Ciao and happy splunking
Giuseppe
P.S.: Karma Points are appreciated 😉