If we're talking about s2s (tcpout or httpout), Splunk uses output groups. In a simplest scenario (and I suppose with your environment sizing that't the case) your output group consists of just one output.

[tcpout]
defaultGroup=myIndexer

[tcpout:myIndexer]
server = 1.2.3.4:9997

That's the basic, most simple setup. (We're not digging into stuff like enabling/disabling TLS or useACK at this point).

You might have more than one destination indexer within a single group

[tcpout]
defaultGroup=myIndexer

[tcpout:myIndexer]
server = 1.2.3.4:9997,2.3.4.5:9997

In this case your output traffic will be load-balanced between those two destination servers.

But you can have more than one output group (in this case both groups have just one server each)

[tcpout]
defaultGroup=myIndexer1,myIndexer2

[tcpout:myIndexer1]
server = 1.2.3.4:9997

[tcpuout:myIndexer2]
server = 2.3.4.5:9997

With this setup each chunk of data will be enqueued for both output groups (each consisting of just one server inthis case but there could be more servers in each group for load-balancing).

I explicitly say "enqueued" instead of "sent" because that's where we're getting into muddy waters of possible issues I mentioned earlier.

With a single destination, you have a single queue so if something gets clogged your event processing just stops and that's it. Here it gets more complicated because each output has its own queue so you have to configure Splunk to either block the whole forwarding process if the data cannot be enqueued to the output or have to drop the events if an output cannot accept it. That results in some tricky scenarios where you either block the pipeline or lose data due to dropping.

Actually, in some cases it could be easier to install two instances of an UF on one machine and send data independently from either of them. But while that can be relatively easy to achieve on a linux machine, with Windows it can be more complicated (I haven't done it myself on a windows box).

Thanks PickleRick!