Hello,
Can someone please direct me to the Splunk docs tutorial, or any video, that would show me how to use the heavy forwarder?
I have a sample event, lets say 5 fields. I want 2 fields to go to the Indexer. I do care about routing as I just want these two fields to stay together in the same index whenever they go.
Can someone show me an example of how to configure this in the heavy forwarder?
↧
