- Splunk Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- is this tcp routing configuration valid?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
is this tcp routing configuration valid?
Hi,
I want to send data to multiple systems from a specific feed. I have the following TCP_ROUTING command in my inputs.conf - is it valid? I have a stanza setup for each of these, but I'm not seeing the data come into my dev system.
_TCP_ROUTING = eigroup,eiDevgroup
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You use inputs.conf and outputs.conf to route data to specific indexers, based on the data's input.
Here's an example that shows how this works.
In outputs.conf, you create stanzas for each receiving indexer:
[tcpout:systemGroup]
server=server1:9997
[tcpout:applicationGroup]
server=server2:9997In inputs.conf, you use _TCP_ROUTING to specify the stanza in outputs.conf that each input should use for routing:
[monitor://.../file1.log]
_TCP_ROUTING = systemGroup
[monitor://.../file2.log]
_TCP_ROUTING = applicationGroup
The forwarder will route data from file1.log to server1 and data from file2.log to server2.
EDIT: What if I want to send one of those feeds to two seperate systems?
inputs.conf
[monitor://.../file1.log]
_TCP_ROUTING = systemGroup
[monitor://.../file2.log]
_TCP_ROUTING = applicationGroup
outputs.conf
[tcpout:systemGroup]
server=server1:9997, server2:9997
[tcpout:applicationGroup]
server=server1:9997, server2:9997
Yours,
eashwar raghunathan
happy splunking
if this helps you dont forget to vote!! thanks in advance!!
read more @ http://docs.splunk.com/Documentation/Splunk/5.0.2/Deploy/Routeandfilterdatad
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry, I need to be more specific. It appears that the above example will load-balance to two different servers within the stanza. I want to send it to different two different stanzas.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hello brother i have edited the above answer!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks. What if I want to send one of those feeds to two seperate systems?
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
