Hi, We have a UF which forwards data to HF and HF passes it to indexers. UF forwards OS logs as well as logs from the directory that we are monitoring. We have configured HF to forward data received to indexers as well as to third party system as explained here: http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Forwarding/Forwarddatatothird-partysystemsd.
But as checked only OS logs are getting forwarded and not the logs from the directory. Can anybody suggest the additional checks we should perform to ensure logs from the directory too are getting forwarded to third party system?
Thanks.
Can you please share your configuration which you configured on HF (Please mask any sensitive data) ?