Hello, I recently had to deploy a Heavy Forwarder in my infrastructure in order to perform transformations using a custom app. The current flow is as follows : UF -> Heavy Forwarder relay -> Universal Forwarder relay -> Indexers I am now observing a queue full issue on all Heavy Forwarders, while the queues on the next Universal Forwarders relay remain free. I am therefore questioning the suitability of this architecture. I would like to know whether the Heavy Forwarder is still supposed to be at the end of the log flow, sending data directly to the Indexers, or if it can be positioned upstream of a Universal Forwarder that relays the data to the indexers. Could this intermediate layer of Universal Forwarder be the cause of the queue saturation? Thank you in advance for your help.
... View more
