Actually I want to ask that what is the equivalent of this command?:
splunk enable app SplunkForwarder -auth :
I saw the `indexAndForward` option, but it's not the equivalent the command above, isn't it? with this option,Splunk indexes all data locally, in addition to forwarding it. is not there any option only to forward?
Is it just enough to use the `[tcpout-server://:]` option to forward data? Is this option an equivalent?
adding: I want to separate data pipeline[1] segments from each other. especially "input, parsing" and "indexing". How do I build a structure to achieve this?
[1]: https://docs.splunk.com/Splexicon:Datapipeline
↧