I have a single instance small splunk system. I'm receiving data for a handful of apps on this system. I have data in 1 index on the system that I want to also send to an external syslog server (while keeping the data in Splunk). I have read https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Forwarddatatothird-partysystemsd#Syslog_data but that doesn't seem to indicate how to filter out a single index, and it looks like a heavy forwarder is required? Can this work with a single-instance setup?
... View more