Hi,
Can the UFW send cooked data to a 3rd party receiver over tcp?
Hi a212830,
Yes, it can. BUT:
Even though the universal forwarder can send to any kind of 3rd party receiver, it is most likely that this receiver will only see data babble.
The parsed and unparsed formats are both referred to as cooked data, to distinguish them from raw data. By default, forwarders send cooked data — in the universal forwarder's case, unparsed data, and in the heavy forwarder's case, parsed data.
Therefore, follow the docs on "Forward data to third-party systems".
cheers, MuS
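An added configuration sketch (not part of the original answer) of what the referenced docs describe for a universal forwarder: one output group left at the cooked default for Splunk indexers, and one with `sendCookedData = false` for a non-Splunk receiver. Group names, hostnames, ports and the monitored path are placeholders.

```ini
# ---- outputs.conf on the universal forwarder ----

[tcpout]
# Inputs without an explicit route go to the Splunk indexers.
defaultGroup = splunk_indexers

# Splunk-to-Splunk group: sendCookedData defaults to true, so the
# receiver must be a Splunk instance that understands the cooked format.
[tcpout:splunk_indexers]
server = idx1.example.internal:9997

# Third-party group: send the raw event text over plain TCP.
# A non-Splunk listener pointed at a cooked stream sees only
# framing and metadata bytes mixed with the events.
[tcpout:thirdparty_raw]
server = collector.example.internal:5140
sendCookedData = false

# ---- inputs.conf on the same forwarder ----

# Route only this input to the third-party receiver.
[monitor:///var/log/example/app.log]
_TCP_ROUTING = thirdparty_raw
```

With raw output the receiver gets the event text only, without the host, source and sourcetype fields that travel with cooked data, and the stream is plaintext unless TLS is configured for that output group.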
Yes, that is correct.
OK, so it sounds like cooked data is splunk-to-splunk communication and raw data is for other 3rd party systems?