Hi,
I'm new to Splunk and I'd like to forward data from Splunk to an external server upon event occurrence.
From what I read so far, a heavy forwarder should be used to do so since it's the only forwarder that supports alerts. Am I in the right direction?
Thanks!
Tony
Yes, you need a heavy forwarder, but if you mean from your main Splunk instance, then you don't need to install it because the main Splunk instance is a heavy forwarder.