I have a custom solution to forward CloudWatch Logs events to Splunk Cloud. It works great! However, I am trying to use a pair of HFs configured using Fargate containers, 4 instances of each. I am treating them as 4 on the A side and 4 on the B side of an HA configuration. I'm trying to approximate the functionality of the UF > HF autolb in outputs.conf, only in this case the UF is a Lambda function.

I tried sending events to one HF instance on both the A and B side, but I end up with duplicates for every event, which makes complete sense as there is no auto-dedup. What I want to do for now is bring up a single HF that receives ALL traffic from all A side and B side HF instances. I want to configure it to dedup all events and send the result to Splunk Cloud.

Is this doable? Would it create much latency? How would I configure that: inputs.conf, transforms, props? (I have outputs covered.)

Thank you,
Mike