See Send Splunk UBA logs to a custom index on the Splunk platform. By default, data is forwarded to the _internal index on the Splunk platform, but you can also create your own index. From a command or shell prompt, navigate to the $SPLUNK_HOME/bin/ directory.

Enable Splunk UBA to forward data to the Splunk platform

After installing the Splunk UBA Monitoring App on the search head, configure Splunk UBA to forward data to the Splunk platform.

With the CLI, enable forwarding on the Splunk Enterprise instance as follows, then configure forwarding to a specified receiver. You must perform any further configuration of forwarding while indexing in the nf file. Select Yes to store and maintain a local copy of the indexed data on the forwarder.

If you want to store data on the forwarder, you must enable that capability, either as described in "Set up heavy forwarding with Splunk Web" earlier in this topic, or by editing the nf configuration file, which controls forwarding outputs. To implement load-balanced forwarding, you can enter multiple hosts as a comma-separated list.

Configure heavy forwarders to index and forward data

A heavy forwarder has an advantage over light and universal forwarders in that it can index your data locally, as well as forward the data to another index.