What I am trying to do is to get a particular source type forwarded from the heavy forwarder to a syslog server. In addition, I want the data to also go to my indexers. Is it possible to do this? What configuration would be needed?
check this link:
Also, check the below Splunk accepted answer
https://answers.splunk.com/answers/211403/how-to-configure-inputsconf-and-outputsconf-on-the.html
Hi @rajindurbal - Did one of the answers below help provide a solution to your question? If yes, please click “Accept” below the best answer to resolve this post and upvote anything that was helpful. If no, please leave a comment with more feedback. Thanks for posting!
Hey rajindurbal,
To forward data from heavy forwarder to syslog server .
Refer : http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Forwarddatatothird-partysystemsd
To forward data to indexers as well:
https://docs.splunk.com/Documentation/Splunk/latest/DistSearch/Forwardsearchheaddata
check this link:
Also, check the below Splunk accepted answer
https://answers.splunk.com/answers/211403/how-to-configure-inputsconf-and-outputsconf-on-the.html