Hello all, I am planning to install the SonicWall app on my Splunk distributed system. I have a heavy forwarder feeding off a syslog-ng server. When I point the firewall to the syslog-ng server, data is flowing in. I am stuck on how to onboard the data. For instance, what do I choose for the following, keeping in mind that the heavy forwarder is feeding data to 2 indexers and the application is situated on the search head?
1. What is the source type that I have to select?
2. What is the app context?
3. What is the index that I have to select?
The reason for this doubt is that on a standalone system, where everything is together, I just install the app and select the right settings according to the application, but here the search head is on another server and the HF just feeds data on to the indexers.
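For reference, the three settings asked about above live in three different .conf files in a distributed deployment: the sourcetype and index are assigned where the data enters Splunk (the heavy forwarder's inputs.conf, whose app directory is the "app context"), the index itself must be created on every indexer the HF sends to (indexes.conf), and the app on the search head only supplies search-time knowledge (field extractions, dashboards). The layout below is an added example, not configuration from the original post or from the SonicWall app. Everything specific in it is an assumption: that syslog-ng writes each firewall's messages to /var/log/syslog-ng/<host>/sonicwall.log, that the index is called `sonicwall`, that the indexers are idx1/idx2.example.com on port 9997, and the sourcetype value, which is a placeholder for whatever the add-on's own props.conf and documentation expect.

```ini
# Added example, not from the original post or the SonicWall app.
# Assumed paths, index name, sourcetype and host names; adjust all of them.

# ---- heavy forwarder: $SPLUNK_HOME/etc/apps/<your_app>/local/inputs.conf ----
# The "app context" is this app directory. Parsing (index-time props/transforms)
# happens on the HF, so if the add-on ships index-time settings, install the
# add-on on the HF too; search-time extractions stay on the search head.
# Splunk .conf files do not allow inline comments after a value, so every
# comment here is on its own line.
[monitor:///var/log/syslog-ng/*/sonicwall.log]
# Placeholder; replace with the sourcetype the add-on documents.
sourcetype = sonicwall
# Must already exist on both indexers (see indexes.conf below).
index = sonicwall
# Path segments: /var(1)/log(2)/syslog-ng(3)/<host>(4)/sonicwall.log(5)
host_segment = 4
disabled = 0

# ---- heavy forwarder: $SPLUNK_HOME/etc/system/local/outputs.conf ----
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = idx1.example.com:9997, idx2.example.com:9997

# ---- both indexers: $SPLUNK_HOME/etc/apps/<your_app>/local/indexes.conf ----
# Create the index on every indexer that receives from the HF. Creating it only
# on the search head does nothing, because events are stored on the indexers.
[sonicwall]
homePath   = $SPLUNK_DB/sonicwall/db
coldPath   = $SPLUNK_DB/sonicwall/colddb
thawedPath = $SPLUNK_DB/sonicwall/thaweddb
```

After restarting the HF and indexers, `index=sonicwall | stats count by host, sourcetype` from the search head confirms both that the data is landing in the intended index and that the sourcetype matches what the app's search-time extractions are keyed on; if fields are missing, check the sourcetype name first.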