Please i need to use de UDP protocol to add Forwarders (Universal in my case) buy supoust its de same command working with another options of "forwarders"..
splunk add forward-server IP:PORT -auth user:pass
¿what is de sintaxis?
No, forwarding from a Splunk instance to another cannot use UDP. Why would you need UDP?
If you really can't do this via TCP, you'll have to resort to sending syslog over UDP from the forwarder to the indexer.
and that would not be a good idea, since you'd then be limited to standard syslog limits (<1k message size, single line). Try to fit a stacktrace, or eventlog message into that... 🙂