I need to create a standalone Splunk instance to handle health data (about the health of humans; non-IT data).
So, I want to forward its `/var/log/*` data to my main indexer like any other server.
Is there a way to have a universal forwarder and an unrelated indexer living on the same server? What are the caveats in setting that up?