Hi everybody,
I'm new in Splunk, so be gentle, please.
So that's the scenario:
I have a Splunk Heavy forwarder, and I want to know if it is possible to prioritize the data which is forwarded to the indexer(s)?
For example: I have security relevant log data and I want this data to be forwarded first, every time. So that non-security relevant data is held back until the security relevant data is indexed.
Is that possible and how?
If possible, looking for solutions which are built-in to out-of-box Splunk, add-ons etc. I can't use another software for it since the system Splunk is running on is already pretty limited.
Thank you
David
↧