splunk-lab icon indicating copy to clipboard operation
splunk-lab copied to clipboard
verified publisher icon dmuth

Universal Forwarder Support

Open dmuth opened this issue 5 years ago • 0 comments

Since Splunk 8.0 has added to the Universal Forwarder a bit, I should add in support for a Universal Forwarder, specifically:

  • A separate Docker Image (may need to build parallel to splunk-lab-core)
  • A separate docker-compose.yml file that loads both Splunk Lab and the UF
  • A separate starting script which will download a docker-compose.yml and have the UF read from logs/ and forwarded to Splunk.

dmuth avatar Mar 02 '20 14:03 dmuth