×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
nickcc
Engager
Member since: ‎03-08-2019
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎03-08-2019
View All

Re: How can I increase the universal forwarder buf...

by in Deployment Architecture
‎03-08-2019 07:32 AM
1 Karma
‎03-08-2019 07:32 AM
1 Karma
The recommended approach is to send Syslog messages to a syslog receiver like syslog-ng. The syslog receiver will write the events to file, and then you use a forwarder to collect the results from file, and send to your indexers. This breaks the "real-time" dependency for syslog, and means that you can tolerate network disruption between the UF-indexers, rather than risk loosing syslog messages in flight. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All