Hello,

I'm new to splunk and hope you can help me with this problem.
I'm using Universal forwarder to send data from Server X to Splunk server A and to a third party Server B.
When third party Server B closes TCP port for any reason, Splunk forwarder on server X stops also sending data to Splunk server A.

How can I prevent forwarder on Server X to close stream to Splunk server A?

My forwarder config on Server X is as follows:

inputs.conf:

[default]
host = TEST
[monitor:///var/log/list.log]
disabled=false
sourcetype=log_iedge
index=vo

[monitor:///var/log/lstat.log]
disabled=false
sourcetype=log_lstat
index=vo

[monitor:///var/log/ISDM.log]
disabled=false
_TCP_ROUTING = Server_B

outputs.conf:

[tcpout]
defaultGroup = default-autolb-group, Server_B

[tcpout:default-autolb-group]
server = A.A.A.A:9998

[tcpout:Server_B]
server = B.B.B.B:9981
sendCookedData = false