Getting Data In

How to forward the event of a specific index on the heavy forwarder to the specified index of another indexer?

xsstest
Communicator

I have a separate Splunk Enterprise instance, The 9997 port has been enabled to receive events from each host and set up their own index for them。For example: apache_access, secure ect .....

now , I want to convert it into a heavy forwarder and forwards these events to an indexer cluster.

So the question is coming,

How do I forward the event of a specific index on the heavy forwarder, (for example: apache_access) to the specified index of the indexer cluster (for example: web_apache_access)

Example:

apache_access (from heavy-forwarder) ————————>Forward TO ————>web_apache_access(indexer clustering)

0 Karma
1 Solution

xsstest
Communicator

You only need to enable heavy-forwarder
As long as the heavy-forwarder and indexer clusters have the same index name.

For information on how to enable heavy forwarder, read the documentation: http://docs.splunk.com/Documentation/Splunk/6.6.1/Forwarding/Deployaheavyforwarder

View solution in original post

0 Karma

xsstest
Communicator

You only need to enable heavy-forwarder
As long as the heavy-forwarder and indexer clusters have the same index name.

For information on how to enable heavy forwarder, read the documentation: http://docs.splunk.com/Documentation/Splunk/6.6.1/Forwarding/Deployaheavyforwarder

0 Karma

xsstest
Communicator

Why no one answered the question?

0 Karma
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 3)

Welcome back to Splunk Classroom Chronicles, our ongoing blog series that pulls back the curtain on Splunk ...

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Optimizing SOC workflows with a unified, risk-based approach to Threat Detection, Investigation, and Response ...

Almost Too Eventful Assurance: Part 1

Modern IT and Network teams still struggle with too many alerts and isolating issues before they are notified. ...