We have got "heavy forwarders", and our client has got Splunk Heavy Forwarders on their side before they send to us.
So the path of flow is:
Individual host (A) with UF => Heavy Forwarders (B) => Heavy Forwarders (C) => Indexers (D)
The hostname is coming as (A) in our indexers which is fair.
Is there any chance to get information about (B) and (C) (i.e. their hostname, properties, etc.), i.e. the "hops" the data went through?
Cheers