Splunk Enterprise

1 Linux UF Sending to 2 Different Indexers with Unique SSL Certs

sheenay
Engager

Hello Everyone, 

I'm in a bit of a brain pickle right now and hoping the community can help. I have a Linux box with a UF on it. Currently it is setup to send to a HF with SSL configured on the port. I'm now in a situation where I need to allow that same UF to send to a different HF with a different SSL Cert. 

I thought this wouldn't be an issue, I know how to go into outputs.conf and specify two different outputs variables and I even know on my inputs.conf file I can specify to monitor the same file to 2 different indexers with different indexes. 

What I don't know is how this all works in the server.conf file. On both HF/Indexers I have a server.conf file setup, how do I get this to work on the UF? Is there a way for me to specify 2 different HF/Indexers SSL configs in server.conf like you can with outputs.conf?

Any help would be appreciated!

Labels (2)
Tags (2)
0 Karma

nwuest
Path Finder

Hi @sheenay,

I commend you for giving this setup a whirl.

Are the HF/Indexers and Universal Forwarder in the same OR separate information systems each with their own C.A.?

I do hope to hear from you!

V/R,
nwuest

0 Karma