I am new to Splunk. I have a syslog server set up as a Receiver and another server set up as a Heavy Forwarder. I thought this was necessary in order to parse data before it is sent to the Receiver. Am I correct on this? I do not have an Enterprise license; I'm in the trial period. In Apps see an option to set up forwarding and an option to set up a Lightweight Forwarder. Should I be seeing something that says Set up a Heavy Forwarder? Am I not seeing it because I don't have an Enterprise License? Thanks!
Lawson
... View more