1 Linux UF Sending to 2 Different Indexers with Un...

sheenay · ‎10-21-2020

Hello Everyone,

I'm in a bit of a brain pickle right now and hoping the community can help. I have a Linux box with a UF on it. Currently it is setup to send to a HF with SSL configured on the port. I'm now in a situation where I need to allow that same UF to send to a different HF with a different SSL Cert.

I thought this wouldn't be an issue, I know how to go into outputs.conf and specify two different outputs variables and I even know on my inputs.conf file I can specify to monitor the same file to 2 different indexers with different indexes.

What I don't know is how this all works in the server.conf file. On both HF/Indexers I have a server.conf file setup, how do I get this to work on the UF? Is there a way for me to specify 2 different HF/Indexers SSL configs in server.conf like you can with outputs.conf?

Any help would be appreciated!

nwuest · ‎10-26-2020

Hi @sheenay,

I commend you for giving this setup a whirl.

Are the HF/Indexers and Universal Forwarder in the same OR separate information systems each with their own C.A.?

I do hope to hear from you!

V/R,
nwuest

1 Linux UF Sending to 2 Different Indexers with Unique SSL Certs

configuration

troubleshooting

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?