Getting Data In

Is there a sample configuration available for intermediate forwarding? (application servers -> intermediate forwarder -> indexers)

sravankaripe
Communicator

In my use case, I need to forward logs from application servers to intermediate forwarders, then from the intermediate forwarder to Splunk Indexers. Can anybody help me in providing a sample configuration file for this?

0 Karma

somesoni2
SplunkTrust
SplunkTrust

See this (old post but you can refer to latest documentation for each step)

https://answers.splunk.com/answers/10429/is-there-an-example-configuration-available-for-an-intermed...

Basically

Setup Forwarding on Universal forwarder (installed on your application servers) - (should forward to your Intermediate forwarder) http://docs.splunk.com/Documentation/Splunk/6.4.3/Forwarding/EnableforwardingonaSplunkEnterpriseinst...
Setup Receiving and Forwarding on Intermediate forwarder : (should forwarder to Indexers) http://docs.splunk.com/Documentation/Splunk/6.4.3/Forwarding/Configureanintermediateforwarder
Setup Receiving on Indexer: http://docs.splunk.com/Documentation/Forwarder/6.4.3/Forwarder/Enableareceiver

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...