[Forwarder] Data Filtering Issue

qkwltk · ‎12-10-2012

Hi,Guys And I'm splunk engineer.

Project progress, issues arose data that should be filtered through a splunk forwarder.
More information is shown below.

light forwarder, universal forwarder in whether filtering
: If it's not why should not on a specific technology
Universal Forwarder to filter the data to be transferred through the Indexer settings

: If it's not why should not on a specific technology
Heavy Forwarder through data filtering, Forwarder installation Environment (actual commercial server) affect whether the resource
: Occupied sure how much cpu, memory as compared to other forwarders(light, universal forwarder) ex. Content results in a specific environment of the POC ...etc

As a result, we want to get Offical Documents that Forwarder installed on the commercial server has not affected.

We have no time to do work , so I look forward to your answer assp!^^

Thanks!

Ayn · ‎12-11-2012

Filtering can only be done on instances that perform parsing - in the forwarder case, only heavy forwarders do that.

Again, we can't do your work for you - if you have no time to do this, you should get someone who does.

Drainy · ‎12-11-2012

In your case, you might find paying for professional services to be useful

Are you a member of the Splunk Community?