Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there a way for a Splunk Enterprise deployment to behave as a UF as well?

andrewtrobec
Motivator
‎04-10-2019 07:48 AM

Hello,

I'd like to know whether a Splunk Enterprise deployment can act as a UF to another Splunk Enterprise deployment. What I'd like to do is be able to index and analyze log data using a Splunk Enterprise deployment within a private network, and then send a subset of that data to a Splunk Enterprise cloud deployment. The reasons for this intermediate step are:

  1. Log data contains sensitive information that must remain within the private network
  2. Pre-elaboration is needed to strip sensitive data for cloud transfer
  3. Reporting is required on sensitive data within private network

Is there a configuration that exists within Splunk Enterprise that enables the forwarding of it's data to a separate Splunk Enterprise deployment, or do I have to use a dedicated UF on the same machine and create saved searches that output CSV files for it to transfer to cloud?

Thank you and best regards,

Andrew

0 Karma
Reply

harsmarvania57
Ultra Champion
‎04-10-2019 08:36 AM

Hi,

Have a look at this documentation https://docs.splunk.com/Documentation/Splunk/7.2.5/Forwarding/Routeandfilterdatad

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...