Re: Splunkforwarder - log to file?

panulpet · ‎11-29-2019

Hi,

Is it possible to forward logs to indexer and at the same forward logs locally to a new file? I mean forwarder would crete a new file and put indexed data there..

Thanks
-Pete

saramamurthy_sp · ‎11-30-2019

If you are question is , when the forwarder forwards a data to a indexer and these data will be forwarded into a different folder, then I am sorry this wont happen.

Forwarder only forwards the data to the indexer,you can forward the same data to multiple process, but you cant forward the indexed data to a different file or location.

richgalloway · ‎11-30-2019

I'm not aware of such a feature. Why do you need it? What problem are you trying to solve?

---
If this reply helps you, Karma would be appreciated.

panulpet · ‎12-01-2019

Hi, This question came from Our customer.. I need to find out what they are trying to solve with this setup 🙂

Splunkforwarder - log to file?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation