I am seeing duplicate events coming from SPLUNK to our external logger.
external syslog server is 10.1.1.25

It appears there are duplicate specs in different stanzas below. Could this be the cause of the duplicate data
we are seeing?
[syslog:Everything]
[syslog:Logger]

OUTPUTS

[syslog]
defaultGroup =

[syslog:Everything]
disabled = false
timestampformat = %b %e %H:%M:%S
server = 10.1.1.25:514

[syslog:Logger]
disabled = false
timestampformat = %b %e %H:%M:%S
server = 10.1.1.25:514

[tcpout]
maxQueueSize = 500KB
forwardedindex.0.whitelist = .*
forwardedindex.1.blacklist = _.*
forwardedindex.2.whitelist = _audit
forwardedindex.filter.disable = false
indexAndForward = false
autoLBFrequency = 30
blockOnCloning = true
compressed = false
disabled = false
dropClonedEventsOnQueueFull = 5
dropEventsOnQueueFull = -1
heartbeatFrequency = 30
maxFailuresPerInterval = 2
secsInFailureInterval = 1
maxConnectionsPerIndexer = 2
forceTimebasedAutoLB = false
sendCookedData = true
connectionTimeout = 20
readTimeout = 300
writeTimeout = 300
useACK = false

defaultGroup=nowhere