Getting Data In

How to remotely install and configure a universal forwarder to point to 1 of 10 intermediate forwarders?


Is there a way to remotely install universal forwarders using a command line push that would allow multiple intermediate forwarders listed, but the UF would only send to the intermediate forwarder that is available? (We have a very segmented network, with many Intermediate forwarders, and would like to automatic push configs to about 1000 servers.)

0 Karma


Yes there is, below is a link to the CLI docs. I use a script to install our UF's and set the basics. The rest of the configs is then downloaded from our delivery server. You can add multiple forward-servers and the UF will round-robin them.

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!