Getting Data In

Can a universal forwarder send cooked data to a 3rd party receiver over tcp?

a212830
Champion

Hi,

Can the UFW send cooked data to a 3rd party receiver over tcp?

0 Karma
1 Solution

MuS
SplunkTrust
SplunkTrust

Hi a212830,

Yes, it can. BUT:

Even the universal forwarder can send to any kind of 3rd party receiver, it is most likely that this receiver will only see data babble.

The parsed and unparsed formats are both referred as cooked data, to distinguish them from raw data. By default, forwarders send cooked data — in the universal forwarder's case, unparsed data, and in the heavy forwarder's case, parsed data.

Therefore follow the docs on Forward data to third-party systems

cheers, MuS

View solution in original post

MuS
SplunkTrust
SplunkTrust

Hi a212830,

Yes, it can. BUT:

Even the universal forwarder can send to any kind of 3rd party receiver, it is most likely that this receiver will only see data babble.

The parsed and unparsed formats are both referred as cooked data, to distinguish them from raw data. By default, forwarders send cooked data — in the universal forwarder's case, unparsed data, and in the heavy forwarder's case, parsed data.

Therefore follow the docs on Forward data to third-party systems

cheers, MuS

Ayn
Legend

Yes, that is correct.

0 Karma

a212830
Champion

OK, so it sounds like cooked data is splunk-to-splunk communication and raw data is for other 3rd party systems?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...