- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to forward logs from one Splunk server to another Splunk server?
Can you please tell us, how to forward the logs from one splunk server to another. because we are already receiving log from webservers and the same logs needs to transfer to customers splunk platform. Can you please provide the step by step configuration details to enable the forwarding at Splunk indexer end.
Example :
syslog format logs are coming and indexing into splunk indexer splunkindexer.xyz.com:80 and need to forward the same set of logs to splunkindexer.xyz1.com:9997 as well from splunkindexer.xyz.com:80
Update :
We want to forward the specific index data alone from one splunk indexer to another splunk farm. Can you please provide the sample outputs.conf entries with syslog format.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
You can use the outputs.conf file to configure the forwarding. It will work as heavy forwarder.
But you need to specify the proper whitelist and blacklist parameters to forward correct set of indexed data. Also if you want to retain local copy you need to set up the index_forward mechanism. Please follow the documentation.
link texthttp://docs.splunk.com/Documentation/Splunk/6.1.3/admin/Outputsconf
Thanks,
L
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We want to forward the specific index data alone from one splunk indexer to another splunk farm. Can you please provide the sample outputs.conf entries with syslog format.
