Hi,  I am trying to redirect logs only for a specified index of mine to 3rd party. But The target destination is receiving all possible logs.  My input.conf contains several index for testing purposed.    inputs.conf [udp://514] sourcetype = syslog index = custom_index [tcp://127.0.0.1:514] sourcetype = syslog index = main [tcp://127.0.0.1:515] sourcetype = tcp_logs index = tcp_custom   my props:    [tcp_logs] // source type stanze from what I've found in the documentaiton. TRANSFORMS-indexAndForward = forward_to_third_party   transforms.conf   [forward_to_third_party] REGEX = .* DEST_KEY = _TCP_ROUTING FORMAT = my_third_party_destination   and output.conf   [tcpout] indexAndForward = true defaultGroup = my_third_party_destination [tcpout:my_third_party_destination] server = 0.0.0.0:9000 sendCookedData = false   could you please advice?  Thanks  ... View more

Hi everyone,  I am trying to redirect logs from Splunk Enterprise locally installed to OpenSearch Logstash or to Aws Kinesis.  I am quite new to Splunk so it brings troubles in getting the idea how it can be achieved.  Am I right ? :  1. We can use heavy forwarder so the output can be send to Logstash host and port ?  2. No way to stream data to Aws Kinesis even with add-ons nither CLI nor Web Splunk.  Probably it is possible to use splunk sdk / api for getting stream of data so it can be programmatically transferred to Kinesis by aws jdk.  I hope someone has some experience with it.  Thanks !  ... View more