Hello community,
we would like to forward a subset of syslog data to a 3rd party syslog host.
So, no problem, this is possible with a forwarder or a heavy forwarder (http://docs.splunk.com/Documentation/Splunk/6.3.0/Forwarding/Forwarddatatothird-partysystemsd).
But, I want to do this on our (single) indexer.
What happens if I add a outputs.conf, and so change the indexer to a heavy forwarder?
Is still everything (search, dashboards, alerts, ...) working as it should, plus the posibilities of a heavy forwarder?
Thanks for your help.
↧