Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Indexing capability in Heavy forwarder and Indexer

username021
Explorer
‎03-25-2014 08:32 PM

I would like to know the duty of the heavy forwarder and Indexer.
My inputs is syslog data which is read by heavy forwarder. I had set props.conf, transforms.conf in heavy forwarder itself also in outputs.conf I set the attribute ,

indexAndForward = true

this will index the data locally and forward parsed data to my indexer.
What will my indexer do ?
Will it just receive the indexed data and store in it mentioned index ?

What is the effect of mentioning my props.conf , transforms.conf in my indexer also?

My intension of using Heavy forwarder is to temporarily store the data and forward ,in case if my indexer is down or not-reachabale by forwarder.

Please clarify what is the exact conf files i need to concentrate

Reply

linu1988
Champion
‎03-25-2014 10:25 PM

You won't need the props.conf and transforms.conf in indexer if you are already parsing the data from heavy forwarder if that is the final data you want. Indexer will take as it is and index them.

incase your indexer is not reachable then you may also set persistent queue option.

Thanks

Reply
Get Updates on the Splunk Community!

Splunk Education - Fast Start Program!

Welcome to Splunk Education! Splunk training programs are designed to enable you to get started quickly and ...

Five Subtly Different Ways of Adding Manual Instrumentation in Java

You can find the code of this example on GitHub here. Please feel free to star the repository to keep in ...

New Splunk APM Enhancements Help Troubleshoot Your MySQL and NoSQL Databases Faster

Splunk Observability has two new enhancements to make it quicker and easier to troubleshoot slow or frequently ...