Hi All
We currently have universal forwarder installed in our 3 application servers to forward application logs to Indexer.
The inputs.conf file in each of the application server looks like this
[monitor://C:\logs\logfiles\Application\Applog_*]
sourcetype = business_iis
index = business_idx1
The outputs.conf file in each of the application server looks like this
[tcpout:LoadBalancedIndexers]
defaultGroup = LoadBalancedIndexers
server = splunkbusinessindexer.info.com:13071
We are trying to implement the concept of Intermediate forwarder for the 3 application servers.
We will have an intermediate universal Splunk forwarder which will receive the log files from the universal Splunk forwarders installed in each application servers and forward them to Indexer.
For that I am trying to configure the inputs.conf and outputs.conf files in the Application servers and the Intermediate forwarder.
I am not able to understand which IP and port number should be configured in which file in comparison to what we already have.
Can someone please help me in writing the correct configuration.
Thanks
Nirmalya
↧