Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

1 Linux UF Sending to 2 Different Indexers with Unique SSL Certs

sheenay
Explorer
‎10-21-2020 09:04 PM

Hello Everyone, 

I'm in a bit of a brain pickle right now and hoping the community can help. I have a Linux box with a UF on it. Currently it is setup to send to a HF with SSL configured on the port. I'm now in a situation where I need to allow that same UF to send to a different HF with a different SSL Cert. 

I thought this wouldn't be an issue, I know how to go into outputs.conf and specify two different outputs variables and I even know on my inputs.conf file I can specify to monitor the same file to 2 different indexers with different indexes. 

What I don't know is how this all works in the server.conf file. On both HF/Indexers I have a server.conf file setup, how do I get this to work on the UF? Is there a way for me to specify 2 different HF/Indexers SSL configs in server.conf like you can with outputs.conf?

Any help would be appreciated!

Labels (2)
Tags (2)
0 Karma
Reply

nwuest
Path Finder
‎10-26-2020 10:38 PM

Hi @sheenay,

I commend you for giving this setup a whirl.

Are the HF/Indexers and Universal Forwarder in the same OR separate information systems each with their own C.A.?

I do hope to hear from you!

V/R,
nwuest

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...