I was wondering if anyone is currently using Splunk forwarders as the means by which they receive all log data and then forward the data to multiple non-Splunk sources?
I have several monitoring tools that require NetFlow data, SNMP, and syslog, and I wanted to use Splunk forwarders as the primary entryway for all monitoring data and then route/clone the data to multiple sources.
I am looking for any general guidelines and suggestions.
Specifically, the product I am looking to integrate Splunk in front of is Spectrum, but general advice is all I am looking for.
I'm more looking for anyone who is actually using Splunk to route to 3rd party systems for what they would consider 'production'.
I have to make my case to the people running Spectrum if I think Splunk would work well, and they're not gonna let me mess with their deployment if I'm not convincing and am just going off a gut feeling that Splunk is better.