I'm setting up an Auto-Scaling group in Amazon using an AMI. I want my logs, specifically apache logs, to be pushed into my Splunk server, but want to make sure I do this properly. So the set-up is currently it spins up the AMI and runs a user data script to prep the system for the proper set-up either test or prod. We can have anywhere from 4-18 servers depending on load.
Would it be best to install the forwarder on the AMI or is there another way to do this?
Thanks in advance for your help,
Josiah
... View more