Getting Data In

Forward data to third party and self-service Splunk Cloud

aanataliya
Explorer

We are using self-service Splunk Cloud. and all clients are using UF to directly send data to self-service Splunk Cloud.

UF -------> self-service Splunk Cloud

Now, management is requesting to forward some of security logs to third party application. From my little knowledge, I found 2 solution to this problem. Can you help me understand best approach?

  1. By using SDK and REST API through program
  2. Use intermediate Forwarder(not HF, just UF) to identify security log and send it to both self-service Splunk Cloud as well as thirdparty app.

I am unsure about one thing in point #2. i.e. how do I configure intermediate UF to route same data to two different source (1. cloud and 2. thirdparty app).

Can you please help with best approach and solution to point #2.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...