Hi all,
We have our Splunk Enterprise with this configuration:
1 universal forwarder
2 indexers in cluster
1 search head
1 SIEM
How can I send traffic to our Splunk based on syslog?
"When we define an input on our forwarder with the F5 IP address and UDP port 514, we can receive data. The forwarder also sends the data to the indexers and we can see it in our newly defined index, but the data is not usable/readable because of a misconfiguration in the TA/add-on."
How can I configure the add-on in such a structure?