Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can a forwarder be configured to two indexers without load balancing?

mce128
Explorer
‎10-19-2012 12:43 AM

I have tried quite unsuccessfully to search for an answer to achieve this configuration, so I'm asking here. Hopefully someone has a suggestion/solution to my kind of unusual configuration requirement.

Is it possible to configure a forwarder to send to two separate indexers without load balancing, so that both indexers receive all the data independently?

I understand this is an atypical situation, however, this is something I need to achieve. The indexers will be unable to communicate with each other and will be combined indexer/search heads, so they can't share the received data or be searched in a distributed fashion.

I would suppose it would be possible to run two forwarders on the monitored host(s) one forwarding out to each indexer, but this would be a I/O hog and wasteful of system resources. As a result it would be highly desirable to send to both indexers from a single instance of the forwarder on the monitored host.

Has anyone done this? Is it even possible?

Thanks,
Joe

Reply
1 Solution
Solved! Jump to solution

mce128
Explorer
‎10-19-2012 10:12 AM

WOW... Don't know how I missed THAT in the docs...

Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...