Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to forward logs of a specific source to a third-party, non-Splunk system using a certificate?

rgb22
New Member
‎02-17-2017 11:06 AM

Hello guys,

we are working with a Heavy forwarder and its receiving logs from a lot of sources and of course sending them into a Splunk Indexer. However, now I'm trying add the functionality to forward (firewall) logs of a specific sourcetype via syslog to another instance which is not from Splunk using a certificate.

I tried the steps of the documentation but i wasn't able to do it work properly. Can you give me some help with this please?

PD: The documentation i was using: http://docs.splunk.com/Documentation/Splunk/6.5.2/Forwarding/Forwarddatatothird-partysystemsd

Thanks you in advance

0 Karma
Reply

mwdbhyat
Builder
‎02-20-2017 05:40 AM

Can you describe more about the issue you are facing ? Is there an error you are getting or is it just not forwarding anything ?

0 Karma
Reply

rgb22
New Member
‎02-20-2017 12:09 PM

Thanks for your response.

I'm receiving firewall logs into a heavy forwarder and i need to send those logs to 1) Splunk indexers and 2) McAfee SIEM using certificate for the second. but i have no idea how to do it, I tried to send syslogs to another instance and it worked but i dont know how to do it using certificate. Ofcourse it needs to be a certificate who can work with splunk and mcfee

0 Karma
Reply

mwdbhyat
Builder
‎02-21-2017 01:56 AM

So the issue lies with the certificates then and not the forwarding/routing ?

0 Karma
Reply

rgb22
New Member
‎02-21-2017 04:33 AM

Yes, thats exactly my issue.

In addition: I was making some test and i was able to send those logs to another instance but if you have a guide like "better practices" to do this, i would be very grateful.

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...