Is it possible to route a stream of data from a heavy forwarder or indexer TO an external non-Splunk HTTPS endpoint (HEC)? We have the requirement to forward off a subset of data to a third-party that has a HEC-equivalent endpoint, but need to do so securely (and be selective about what we send)
Hi @abhijeet01 - Thanks for that. Unfortunately this covers only a raw TCP stream or forwarding to a Syslog server, and is restricted to a server:port target as opposed to a HTTPS or REST-based endpoint.
Also, because the endpoint is not Splunk, sendCookedData must be set to false, and (as far as I am aware) this will result in the data being sent in cleartext which is not an option (at minimum we require HTTPS/TLS1.2)