Is there a sample configuration available for inte...

sravankaripe · ‎09-21-2016

In my use case, I need to forward logs from application servers to intermediate forwarders, then from the intermediate forwarder to Splunk Indexers. Can anybody help me in providing a sample configuration file for this?

somesoni2 · ‎09-21-2016

See this (old post but you can refer to latest documentation for each step)

https://answers.splunk.com/answers/10429/is-there-an-example-configuration-available-for-an-intermed...

Basically

Setup Forwarding on Universal forwarder (installed on your application servers) - (should forward to your Intermediate forwarder) http://docs.splunk.com/Documentation/Splunk/6.4.3/Forwarding/EnableforwardingonaSplunkEnterpriseinst...
Setup Receiving and Forwarding on Intermediate forwarder : (should forwarder to Indexers) http://docs.splunk.com/Documentation/Splunk/6.4.3/Forwarding/Configureanintermediateforwarder
Setup Receiving on Indexer: http://docs.splunk.com/Documentation/Forwarder/6.4.3/Forwarder/Enableareceiver

Is there a sample configuration available for intermediate forwarding? (application servers -> intermediate forwarder -> indexers)

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you a member of the Splunk Community?

Is there a sample configuration available for intermediate forwarding? (application servers -> intermediate forwarder -> indexers)

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...