Getting Data In

Universal Forwarder to Both On Prem and Cloud Instances

LCelley
Explorer

We're starting to outline our architecture and how data will flow, and we're looking to forward data to both an on prem dev environment and cloud environment at the same time. Splunk documentation only seems to show how to install to forward to one version or the other.

I do see that you can modify .conf files to clone data to multiple locations, but during install you're still choosing Splunk Cloud or Enterprise. I guess I'm looking for some input on how people with both types of environments at the same time handle their data.

1 Solution

gcusello
Esteemed Legend

Hi @LCelley,

you have to configure your outputs.conf to send data to both environments.

Obviously in this way you duplicate your license consumption because you index the same logs twice!

At https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Routeandfilterdatad you can find more information.

Anyway, at https://community.splunk.com/t5/Getting-Data-In/How-to-send-the-same-data-to-multiple-Splunk-Enterpr... you can find my answer to your question.

Ciao.

Giuseppe
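
A sketch of the outputs.conf cloning setup the answer above refers to, added here as an example and not taken from the original post or the linked answer. The group names, hostnames and the `<your-stack>` placeholder are assumptions; in practice the Splunk Cloud stanza and its TLS material come from the universal forwarder credentials app for your stack.

```ini
# outputs.conf on the universal forwarder
# (added example; group names and hosts are placeholders)

[tcpout]
# Listing two target groups clones every event to both of them.
# Each copy is indexed separately, so license usage is counted twice.
defaultGroup = onprem_dev, splunkcloud

[tcpout:onprem_dev]
# On-prem dev indexer. This link is plaintext unless TLS is configured
# on both the forwarder and the indexer's receiving port.
server = idx-dev.example.internal:9997

[tcpout:splunkcloud]
# Normally defined by the Splunk Cloud credentials app, together with
# the certificates it ships. Reuse that group name in defaultGroup
# rather than retyping its TLS settings here.
server = inputs.<your-stack>.splunkcloud.com:9997
# Leave server certificate validation on for the internet-facing leg.
sslVerifyServerCert = true
```

After a restart, `splunk btool outputs list --debug` on the forwarder shows which file each effective setting came from, which helps confirm that the `defaultGroup` override and the credentials app's stanza merged as intended.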
