About saiteja1111n

saiteja1111n · ‎04-15-2021

@gcusello If I don't want to do indexing and use Universal Forwarders, I see that the config changes are required in input and output conf files. To apply this, I see that it needs restart. Does the forwarder picks up where it left after restart on pushing the logs? Or we have any way to dynamically inject config. Also I see that we can configure splunk to get data from REST API endpoints, or S3 bucket or azure blob storage. Are these supported only by splunk cloud or does enterprise also support them.

saiteja1111n · ‎04-14-2021

Hi, We have a requirement to push events/logs from our applications to different customers using splunk enterprise/cloud(events only specific to customer). Our application is a cloud solution and runs on Kubernetes cluster. I am looking for a solution in which, one application can be used to filter and push to different customers splunk instance. Can you suggest which splunk application can be used to solve this. I researched 'Splunk Universal Forwarder' can be installed and can be used to push data, but can the same universal forwarder instance be used to push to multiple customer's splunk instance? I also saw the 'splunk connect for syslog' can be installed and can be used to push data to splunk instance. Can we apply that for this usecase. In case we have a better solution, please do let me know.

Posts	2
Solutions	0
Karma Given	2
Karma Received	0
Member Since	‎04-14-2021

Online Status	Offline
Date Last Visited	‎04-16-2021 06:54 PM

Send event/log data to muptiple splunk customers

Re: Send event/log data to muptiple splunk custome...

Send event/log data to muptiple splunk customers