I need to send off some of our data to a 3rd party tool as syslog data for automation purposes. I also don't want to lose these logs from being ingested into my splunk instance. Below is the config which will send my data via syslog from my heavy forwarder. My question is what do i need to add in order for this data to also be sent to my indexers for processing?
`#props.conf#
[host::*abc*]
TRANSFORMS-abc = send_to_third_party
#transforms.conf#
[send_to_third_party]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = send_to_third_party
#outputs.conf#
[send_to_third_party]
server = server.company.com:514`
↧