Hi at all,
I have a Splunk instance indexing some logs.
I'd like to continue to use the server for its old job but, at the same time, to use the same server (the same Splunk instance or a different one) to forward another log flow to a different Indexer without local indexing.
In other words: I have to locally index some flows and forward to another Indexer a different one.
I know that I can configure outputs.conf to forward logs to different indexers, but is it possible to send a flow to another Indexer and locally index other flows?
Can I do this with a single Splunk instance or do I have to install another Splunk instance (Universal or Heavy) to forward?
Thank you in advance.
Bye.
Giuseppe
↧