Apica's plugins include creating one or more Splunk Output configurations that can be then used to send data to Splunk. We support all the enterprise modes for forwarding, including sending data to a Standalone Server, a list of indexers, and sending data to indexers using Peer discovery.

Architecture

Required components

Follow the below steps to create an S2S forwarder to a splunk indexer

1. Create a UF Proxy app extension

2. Create a forwarder to use the UF proxy app extension created in step 1 above

   • One or more forwarders can be created to use the same UF Proxy app

     • Forwarders can be of type _json or _metric

     • _metric type can forward to a splunk metric index

     • _json can forward to a splunk standard index

Creating UF proxy app extension

The Splunk plugin for output configurations can be launched from the App Extensions section under Explore.

Selecting the "Forwarding Proxy" app gives you the configured proxies as well as the ability to create a new one.

You can expand on the proxy to see its settings. The "hec_token" can be used to setup the forwarder.