Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

routing assistance config - HEC to multiple envs

Esky73
Builder
‎05-20-2018 11:24 PM

i am receiving data via HEC to a SH which then sends to an index tier.

I've like to also send this data to a secondary indexing tier which is a separate env - need some clarification with the config is the section 'Forward data for a single index only' relevant here - will it still index locally ?

http://docs.splunk.com/Documentation/Splunk/7.1.0/Forwarding/Routeandfilterdatad#Perform_selective_i...

[tcpout]
#Disable the current filters from the defaults outputs.conf
forwardedindex.0.whitelist = 
forwardedindex.1.blacklist =
forwardedindex.2.whitelist =

#Forward data for the "myindex" index
forwardedindex.0.whitelist = myindex
Tags (1)
0 Karma
Reply

shelde_msearles
New Member
‎03-19-2019 10:34 PM

Did this end up working as you expected?

0 Karma
Reply

xpac
SplunkTrust
SplunkTrust
‎05-21-2018 06:20 AM

So - you want to send the HEC data to two different destinations?
You sent ALL data from that instance to a certain index tier, by default, and for some data, want to also send that data to a second destination?

0 Karma
Reply

Esky73
Builder
‎05-21-2018 06:43 AM

hey xpac - correct.

It's not an ideal scenario - just a workaround to send the HEC data to another test env.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...