Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Setting outputs.conf

rangineniarunku
Explorer
‎03-31-2017 08:07 AM

I have a doubt here..I want to index data to both sandbox and production. What changes do I need to make here.

[tcpout]
defaultGroup = production

[tcpout:sandbox]
server=ABC:PORT

[tcpout:production]
server=XYZ:PORT
autoLB = true
useACK = false

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎03-31-2017 08:29 AM

Hi rangineniarunkumar,
just a little additional information:

  • are sandbox and production indexers?
  • do you want to send some logs to sandbox and some logs to production?

If this is your need, you should see at http://docs.splunk.com/Documentation/Splunk/6.5.2/Forwarding/Routeandfilterdatad where it's described how to configure your outputs.conf and inputs.conf files.

At first sight I see [default group] stanza in your outputs.conf and you should remove it.
In addition you have to insert in all your inputs.conf files stanzas _TCP_ROUTING = sandbox or _TCP_ROUTING = production depending by your logs.
If you want to send the same log to both the indexers you don't need to insert _TCP_ROUTING =

Bye.
Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎03-31-2017 08:29 AM

Hi rangineniarunkumar,
just a little additional information:

  • are sandbox and production indexers?
  • do you want to send some logs to sandbox and some logs to production?

If this is your need, you should see at http://docs.splunk.com/Documentation/Splunk/6.5.2/Forwarding/Routeandfilterdatad where it's described how to configure your outputs.conf and inputs.conf files.

At first sight I see [default group] stanza in your outputs.conf and you should remove it.
In addition you have to insert in all your inputs.conf files stanzas _TCP_ROUTING = sandbox or _TCP_ROUTING = production depending by your logs.
If you want to send the same log to both the indexers you don't need to insert _TCP_ROUTING =

Bye.
Giuseppe

Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...