We are looking at leveraging Splunk Cloud and we have branch locations all over the country in which we will need to forward logs into the Splunk Cloud.
Do you recommend that we install Universal Forwarders (UF) at each branch location and just forward directly to Splunk Cloud? Or is there a reason to use a Heavy Forwarder? I would think we would want the parsing/indexing being done in the cloud vs locally.
Thanks!