I have several public facing web servers on which I want to run Splunk in a light-forwarder configuration. However, rather than opening any firewall ports FROM my DMZ back into my trusted network, I would much prefer a configuration permitting a Splunk indexer on my trusted network to instead just reach into the DMZ to grab data from the light-forwarder Splunk running on the public facing server. Is this possible with Splunk and if so, must I be running a particular version?
Rather than a light-forwarder, I guess what I'm really looking for is a store until retrieved type of configuration, but I'm not sure if that is even possible with Splunk. Thanks!
... View more