Apica Forwarder Proxy Source Extension

Apica's plugins include creating one or more Splunk Output configurations that can then be used to send data to Splunk. We support all the enterprise modes for forwarding, including sending data to a Standalone Server, a list of indexers, and sending data to indexers using Peer discovery.

Architecture

Required components

Follow the below steps to create an S2S forwarder to an splunk indexer:

Create a Splunk Forwarding Proxy Source Extension.
Create a forwarder to use the Splunk Forwarding Proxy source extension created in step 1 above:
- One or more forwarders can be created to use the same Splunk Forwarding Proxy Source Extension
  - Forwarders can be of type _json or _metric
  - _metric type can forward to a splunk metric index.
  - _json can forward to a splunk standard index.

Creating Splunk UF proxy source extension (Forwarding Proxy)

The Splunk plugin for output configurations can be launched from the Source Extensions section under Integrations.

Selecting the Forwarding Proxy source extension gives you the configured proxies as well as the ability to create a new one.

You can expand on the proxy to see its settings. The hec_token can be used to setup the forwarder.

Note that a HEC forwarder is automatically created alongside the source extension. This forwarder is set up to send logs to the source extension. To use this source extension for forwarding, you need to manually map this forwarder to the required data flow.

The UF Proxy app extension allows connectivity to a splunk indexer using a variety of supported options such as a standalone indexer, list of indexers, or using indexer cluster auto discovery.

Please refer to the guides below on how to configure each of these options

PreviousSplunk Forwarding NextStandalone Instance

Last updated 6 days ago

Was this helpful?