Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can a forwarder be configured to two indexers without load balancing?

mce128
Explorer
‎10-19-2012 12:43 AM

I have tried quite unsuccessfully to search for an answer to achieve this configuration, so I'm asking here. Hopefully someone has a suggestion/solution to my kind of unusual configuration requirement.

Is it possible to configure a forwarder to send to two separate indexers without load balancing, so that both indexers receive all the data independently?

I understand this is an atypical situation, however, this is something I need to achieve. The indexers will be unable to communicate with each other and will be combined indexer/search heads, so they can't share the received data or be searched in a distributed fashion.

I would suppose it would be possible to run two forwarders on the monitored host(s) one forwarding out to each indexer, but this would be a I/O hog and wasteful of system resources. As a result it would be highly desirable to send to both indexers from a single instance of the forwarder on the monitored host.

Has anyone done this? Is it even possible?

Thanks,
Joe

Reply
1 Solution
Solved! Jump to solution

mce128
Explorer
‎10-19-2012 10:12 AM

WOW... Don't know how I missed THAT in the docs...

Thanks!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...