Hi,
Our setup is as follows:
- Managed Splunk Cloud instance
- Heavy Forwarder (on-prem)
- Syslog server (on-prem)
Our on-prem servers have universal forwarders on them and forward to the HF, which then sends to Splunk Cloud.
We are starting to spin up EC2 instances in AWS and want to do the same monitoring, so UF installed on the instance and forwarding to Splunk Cloud.
My question is how do we do this?
It seems a bit daft to send our logs back to our on-premises HF to then send to the cloud.
So should we create a HF in our AWS VPC and point all our EC2 instances towards that?
How has everyone else tackled this issue?
Cheers,
Fraser