Trying to set up a test environment to be used in production. Will be taking data from another Splunk HF and sending it to our HF.
Must use UDP to transmit the data.
I have played around with creating the output.conf/input.conf, props.conf, and transforms. But it keeps looking like it's indexing in the first HF, and not getting to the second HF.
I have tested with netcat that UDP is sent to the other machine (UDP) watching with tcpdump.
Was using UDP:1514 for testing purposes.
If anyone can assist. I can try and add the .conf files, but I think they are all messed up now, so I'm not sure if it would be helpful to post them.