Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

1 Linux UF Sending to 2 Different Indexers with Unique SSL Certs

sheenay
Explorer
‎10-21-2020 09:04 PM

Hello Everyone, 

I'm in a bit of a brain pickle right now and hoping the community can help. I have a Linux box with a UF on it. Currently it is setup to send to a HF with SSL configured on the port. I'm now in a situation where I need to allow that same UF to send to a different HF with a different SSL Cert. 

I thought this wouldn't be an issue, I know how to go into outputs.conf and specify two different outputs variables and I even know on my inputs.conf file I can specify to monitor the same file to 2 different indexers with different indexes. 

What I don't know is how this all works in the server.conf file. On both HF/Indexers I have a server.conf file setup, how do I get this to work on the UF? Is there a way for me to specify 2 different HF/Indexers SSL configs in server.conf like you can with outputs.conf?

Any help would be appreciated!

Labels (2)
Tags (2)
0 Karma
Reply

nwuest
Path Finder
‎10-26-2020 10:38 PM

Hi @sheenay,

I commend you for giving this setup a whirl.

Are the HF/Indexers and Universal Forwarder in the same OR separate information systems each with their own C.A.?

I do hope to hear from you!

V/R,
nwuest

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...