Hi,
I want to send all the events to two target groups, but I do not want to send specific log events to a specific target; it should still get the rest of the data.
This config needs to be defined on a Splunk HF.
Please help me with that.
@pankajupadhyay
Refer to the Splunk Docs: https://docs.splunk.com/Documentation/Splunk/8.0.6/Forwarding/Routeandfilterdatad#Filter_and_route_e...
This contains exactly what you are referring to in your question. Let us know if it helps!
I wanna forward only these specific events to the target destination, but it is sending other events too.
Transforms.conf
[logs_type1]
REGEX = (logged out|Rejected password for user|Cannot login|logged in as|Accepted user for user|was updated on host|Password was changed for account|Destroy VM called)
DEST_KEY = _TCP_ROUTING
FORMAT = esxireceivier
Props.conf
[vmw_logs]
TRANSFORMS-routing=logs_type1
Can you please help me with that?
Hi @pankajupadhyay, you can specify the destination host in outputs.conf.
e.g.:
outputs.conf
[tcpout:esxireceivier]
server=your_destination_ip:port
--------------------------------------------------------
If this helps, your like will be appreciated😀
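An added example, not part of the original posts: one way the three files on the heavy forwarder can fit together so that events matching the transform reach `esxireceivier` and unmatched events do not. The names `esxireceivier`, `logs_type1` and `vmw_logs` come from the thread; the group `primary_indexers`, its server address and the shortened regex are assumptions for illustration.

```ini
# ---- outputs.conf ----
[tcpout]
# Events without a _TCP_ROUTING override are sent to every group listed here.
# If esxireceivier appears in defaultGroup, it receives all events regardless
# of the transform, so it is left out.
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# Assumed group name and placeholder address.
server = indexer.example.com:9997

[tcpout:esxireceivier]
server = your_destination_ip:port

# ---- props.conf ----
# The stanza name must equal the sourcetype of the incoming events
# (or use a source:: / host:: stanza instead).
[vmw_logs]
TRANSFORMS-routing = logs_type1

# ---- transforms.conf ----
[logs_type1]
# Regex shortened here; use the full alternation from the post.
REGEX = (logged out|Rejected password for user|Cannot login)
DEST_KEY = _TCP_ROUTING
# A comma-separated list clones matching events to each group.
# List only esxireceivier to send matches there and nowhere else.
FORMAT = primary_indexers,esxireceivier
```

For the case in the opening question (both groups receive everything except the matching events), put both groups in `defaultGroup` and set `FORMAT` to the one group that should still receive the matches.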