I have a separate Splunk Enterprise instance, The 9997 port has been enabled to receive events from each host and set up their own index for them。For example: apache_access, secure ect .....
now , I want to convert it into a heavy forwarder and forwards these events to an indexer cluster.
So the question is coming,
How do I forward the event of a specific index on the heavy forwarder, (for example: apache_access) to the specified index of the indexer cluster (for example: web_apache_access)
Example:
apache_access (from heavy-forwarder) ————————>Forward TO ————>web_apache_access(indexer clustering)
↧