Splunk Enterprise

sending index data to another system


I have to forward the data from my single instance indexer to another system i.e indexer and third party system.

I have tried the below configuration but I am receiving only the local system data i.e /var/log/cron as mentioned in input, how can I get the all hosts file that I configured on my index system.

i .e log files of system1 ,system 2 etc.

[root@splunkvm]# cd /opt/splunk/etc/system/local
[root@splunkvm local]# cat inputs.conf
connection_host = ip

disabled = false
index = index2
sourcetype = linux_logs
_TCP_ROUTING = indexer
[root@splunkvm local]# cat props.conf

[root@splunkvm local]# cat transforms.conf
[root@splunkvm local]# cat outputs.conf
indexAndForward = 1

server = 192.168.x.x:9997
[root@splunkvm local]#

Labels (2)
0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!


Or Learn More in Our Blog >>