I have the following config in my output.conf:
[tcpout]
defaultGroup = productionSplunk1, productionSplunk2
[tcpout:productionSplunk1]
server = X.X.X.X:9997
[tcpout:productionSplunk2]
server = Y.Y.Y.Y:9997
I have a search head and 2 indexers (x.x.x.x) and (y.y.y.y). When I now look in the search head I am getting double events, e.g. say the UF sends 2 events, I am getting 4 at the search head - 2 from each of the above indexers.
I expected the UF to send data to me in LB fashion, which is what it is not doing. Any idea what is bad with my config?
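A check of how a forwarder treats the posted layout versus a single target group, as an added example that is not part of the original post: in outputs.conf, every group named in defaultGroup receives its own copy of each event, while servers listed together in one group are load balanced. The group name productionSplunk and the helper function names are assumptions made for this example.

```python
import configparser

# The forwarder config from the post (addresses kept as the post's placeholders).
POSTED = """
[tcpout]
defaultGroup = productionSplunk1, productionSplunk2
[tcpout:productionSplunk1]
server = X.X.X.X:9997
[tcpout:productionSplunk2]
server = Y.Y.Y.Y:9997
"""

# Constructed alternative: one target group listing both indexers.
# The group name productionSplunk is an assumption for this example.
BALANCED = """
[tcpout]
defaultGroup = productionSplunk
[tcpout:productionSplunk]
server = X.X.X.X:9997, Y.Y.Y.Y:9997
"""

def _split(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def forwarding_plan(conf_text):
    """Return (copies_per_event, {group: [servers]}) for the default tcpout groups."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep setting names such as defaultGroup in their original case
    cp.read_string(conf_text)
    plan = {}
    for g in _split(cp.get("tcpout", "defaultGroup", fallback="")):
        section = f"tcpout:{g}"
        if not cp.has_section(section):
            raise ValueError(f"defaultGroup names {g!r} but [{section}] is missing")
        plan[g] = _split(cp.get(section, "server", fallback=""))
    # Each group in defaultGroup gets its own copy of every event (cloning);
    # servers inside one group share the stream (automatic load balancing).
    return len(plan), plan

def describe(conf_text):
    copies, plan = forwarding_plan(conf_text)
    lines = [f"copies of each event sent: {copies}"]
    for g, servers in plan.items():
        mode = "load-balanced across" if len(servers) > 1 else "always sent to"
        lines.append(f"  group {g}: {mode} {', '.join(servers)}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(describe(POSTED))
    print(describe(BALANCED))
```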