Getting Data In

Forward data to third party and self-service Splunk Cloud

Explorer

We are using self-service Splunk Cloud. and all clients are using UF to directly send data to self-service Splunk Cloud.

UF -------> self-service Splunk Cloud

Now, management is requesting to forward some of security logs to third party application. From my little knowledge, I found 2 solution to this problem. Can you help me understand best approach?

  1. By using SDK and REST API through program
  2. Use intermediate Forwarder(not HF, just UF) to identify security log and send it to both self-service Splunk Cloud as well as thirdparty app.

I am unsure about one thing in point #2. i.e. how do I configure intermediate UF to route same data to two different source (1. cloud and 2. thirdparty app).

Can you please help with best approach and solution to point #2.

0 Karma