Imagine, several stovepipes exist... all separately configured...
Due to constraints, your customer doesn't want to turn the stovepipes into Heavy Forwarders and build an indexing tier and Search Head. So, the thought occurred to me:
Can you identify alerts that you want to be triggered, then, in turn, send those alerts to a separate SH?
I've read solutions that write the triggered alerts to syslog, but, I was curious if there were any other creative ways to send triggered alerts to a separate Search Head?
↧