We are using self-service Splunk Cloud. and all clients are using UF to directly send data to self-service Splunk Cloud.
UF -------> self-service Splunk Cloud
Now, management is requesting to forward some of security logs to third party application. From my little knowledge, I found 2 solution to this problem. Can you help me understand best approach?
I am unsure about one thing in point #2. i.e. how do I configure intermediate UF to route same data to two different source (1. cloud and 2. thirdparty app).
Can you please help with best approach and solution to point #2.