Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is there a way for a Splunk Enterprise deployment to behave as a UF as well?

andrewtrobec
Motivator
‎04-10-2019 07:48 AM

Hello,

I'd like to know whether a Splunk Enterprise deployment can act as a UF to another Splunk Enterprise deployment. What I'd like to do is be able to index and analyze log data using a Splunk Enterprise deployment within a private network, and then send a subset of that data to a Splunk Enterprise cloud deployment. The reasons for this intermediate step are:

  1. Log data contains sensitive information that must remain within the private network
  2. Pre-elaboration is needed to strip sensitive data for cloud transfer
  3. Reporting is required on sensitive data within private network

Is there a configuration that exists within Splunk Enterprise that enables the forwarding of it's data to a separate Splunk Enterprise deployment, or do I have to use a dedicated UF on the same machine and create saved searches that output CSV files for it to transfer to cloud?

Thank you and best regards,

Andrew

0 Karma
Reply

harsmarvania57
Ultra Champion
‎04-10-2019 08:36 AM

Hi,

Have a look at this documentation https://docs.splunk.com/Documentation/Splunk/7.2.5/Forwarding/Routeandfilterdatad

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...