So recently, I migrated from a standalone instance, to a clustered enviroment. Everything is working well, but there's this one thing, I have a vSphere server where it's previously configured to send data to splunk, where we just specify the IP for the syslog server (in my case splunk) and the data arrives there. Now, So, , but I need it to forward this data using load balancing and Indexer discovery features, to forward data to different peers rather than 1 indexer. What's the best way to keep this happening - are there any ideas ? I was thinking of deploying another lightweight syslog server, which resends the vSphere logs to a splunk forwarder, where I can configure it for Load Balancing and Indexer Dsicovery, to resend data to splunk.
... View more