Getting Data In

Forward data to third party and self-service Splunk Cloud


We are using self-service Splunk Cloud. and all clients are using UF to directly send data to self-service Splunk Cloud.

UF -------> self-service Splunk Cloud

Now, management is requesting to forward some of security logs to third party application. From my little knowledge, I found 2 solution to this problem. Can you help me understand best approach?

  1. By using SDK and REST API through program
  2. Use intermediate Forwarder(not HF, just UF) to identify security log and send it to both self-service Splunk Cloud as well as thirdparty app.

I am unsure about one thing in point #2. i.e. how do I configure intermediate UF to route same data to two different source (1. cloud and 2. thirdparty app).

Can you please help with best approach and solution to point #2.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...