AlexRuiz7
commented
2 years ago The configuration file can be added without any side effects. The content of the file outputs.conf has been extracted from the Splunk Indexer. This file is automatically created after adding a forward-server using the Splunk CLI
/opt/splunkforwarder/bin/splunk add forward-server indexer:9997 created a outputs.conf file with the following content:
[tcpout]
defaultGroup = default-autolb-group
[tcpout:default-autolb-group]
server = indexer:9997
[tcpout-server://indexer:9997]
Describe the solution you'd like Research how to configure forwarding using the outputs.conf configuration file.
Start by reading this documentation from Splunk: https://docs.splunk.com/Documentation/Forwarder/8.2.6/Forwarder/Configureforwardingwithoutputs.conf
Add a summary indicating the highlights of this approach, which are the side effects and if it is feasible to move to this kind of configuration.
A Proof of Concept is highly recommendable.