Re: Splunkforwarder - log to file?

panulpet · ‎11-29-2019

Hi,

Is it possible to forward logs to indexer and at the same forward logs locally to a new file? I mean forwarder would crete a new file and put indexed data there..

Thanks
-Pete

saramamurthy_sp · ‎11-30-2019

If you are question is , when the forwarder forwards a data to a indexer and these data will be forwarded into a different folder, then I am sorry this wont happen.

Forwarder only forwards the data to the indexer,you can forward the same data to multiple process, but you cant forward the indexed data to a different file or location.

richgalloway · ‎11-30-2019

I'm not aware of such a feature. Why do you need it? What problem are you trying to solve?

---
If this reply helps you, Karma would be appreciated.

panulpet · ‎12-01-2019

Hi, This question came from Our customer.. I need to find out what they are trying to solve with this setup 🙂

Splunkforwarder - log to file?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation