Getting Data In

Forward data to third party and self-service Splunk Cloud


We are using self-service Splunk Cloud. and all clients are using UF to directly send data to self-service Splunk Cloud.

UF -------> self-service Splunk Cloud

Now, management is requesting to forward some of security logs to third party application. From my little knowledge, I found 2 solution to this problem. Can you help me understand best approach?

  1. By using SDK and REST API through program
  2. Use intermediate Forwarder(not HF, just UF) to identify security log and send it to both self-service Splunk Cloud as well as thirdparty app.

I am unsure about one thing in point #2. i.e. how do I configure intermediate UF to route same data to two different source (1. cloud and 2. thirdparty app).

Can you please help with best approach and solution to point #2.

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!