Getting Data In

Is there a sample configuration available for intermediate forwarding? (application servers -> intermediate forwarder -> indexers)

sravankaripe
Communicator

In my use case, I need to forward logs from application servers to intermediate forwarders, then from the intermediate forwarder to Splunk Indexers. Can anybody help me in providing a sample configuration file for this?

0 Karma

somesoni2
SplunkTrust
SplunkTrust

See this (old post but you can refer to latest documentation for each step)

https://answers.splunk.com/answers/10429/is-there-an-example-configuration-available-for-an-intermed...

Basically

Setup Forwarding on Universal forwarder (installed on your application servers) - (should forward to your Intermediate forwarder) http://docs.splunk.com/Documentation/Splunk/6.4.3/Forwarding/EnableforwardingonaSplunkEnterpriseinst...
Setup Receiving and Forwarding on Intermediate forwarder : (should forwarder to Indexers) http://docs.splunk.com/Documentation/Splunk/6.4.3/Forwarding/Configureanintermediateforwarder
Setup Receiving on Indexer: http://docs.splunk.com/Documentation/Forwarder/6.4.3/Forwarder/Enableareceiver

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...