Hello Splunk Support,
We have the following problem:
- We must send a log file to different receivers:
-- a Splunk server, and the Splunk server needs ALL events
-- a non-Splunk server, but only a few events, so a whitelisting solution
I found the following documentation:
https://answers.splunk.com/answers/9076/how-to-configure-a-forwarder-to-filter-and-send-only-the-events-i-want.html
Now my questions:
- Could I combine both solutions – all events to one server and a few events to another server?