Solved: Can you configure a heavy forwarder to route raw d...

Log_wrangler · ‎10-03-2018

I need a capture some raw data before it is indexed and sent to a 3rd party application (via tcp_routing and transforms-routing)

I would like to send it to a local dir/file... is that possible?

Please advise...

Thank you

FrankVl · ‎10-03-2018

Not that I’m aware of, at least not directly. What you could do as a workaround I guess is run a syslog daemon on that system as an intermediate. Send it to local host using syslog routing and then have the syslog daemon write it to file.

View solution in original post

FrankVl · ‎10-03-2018

Not that I’m aware of, at least not directly. What you could do as a workaround I guess is run a syslog daemon on that system as an intermediate. Send it to local host using syslog routing and then have the syslog daemon write it to file.

Log_wrangler · ‎10-03-2018

that's an option thanks

Can you configure a heavy forwarder to route raw data to a local file?

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Can you configure a heavy forwarder to route raw data to a local file?

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!