Hello-
My current setup:
Device Syslog --> Syslog Server w/ Splunk HvyFwd --> Splunk Indexer
When I restart my Heavy Forwarder server or Splunkd, it takes up to 30 minutes to begin forwarding syslogs to the indexer. Is this due to the number of devices and folders stored within the syslog server, and is there a way to speed this process up?
Thanks,