Solved: Can a single UF forwards data to multiple HF's?

manikanta66 · ‎12-06-2017

Is it possible to send data from universal forwarder to multiple heavy forwarders?
if yes how can specify the HF group.

harsmarvania57 · ‎12-06-2017

Hi,

Yes you can forward it to multiple HF. You need to do configuration in outputs.conf as below

[tcpout]
defaultGroup = HF_GRP_1, HF_GRP_2
disabled = false

[tcpout:HF_GRP_1]
server = 10.10.0.1:9997,10.10.0.2:9997

[tcpout:HF_GRP_2]
server = 10.20.0.1:9997,10.20.0.2:9997

Above configuration will forward all data to both the HF groups, if you have any specific requirement to route subset of data to different HF group then please provide more details.

View solution in original post

harsmarvania57 · ‎12-06-2017

Hi,

Yes you can forward it to multiple HF. You need to do configuration in outputs.conf as below

[tcpout]
defaultGroup = HF_GRP_1, HF_GRP_2
disabled = false

[tcpout:HF_GRP_1]
server = 10.10.0.1:9997,10.10.0.2:9997

[tcpout:HF_GRP_2]
server = 10.20.0.1:9997,10.20.0.2:9997

Above configuration will forward all data to both the HF groups, if you have any specific requirement to route subset of data to different HF group then please provide more details.

Can a single UF forwards data to multiple HF's?

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector