Access Splunk UF meta data
splunk uf internal logs are picked up by a passthru pipeline in cribl. based on index.startsWith('_') for the route filter. That works fine.
the problem, i lose all meta information about the splunk ufs. like version and os. Can this be prevented somehow?
I just see all the cribl workers and some machines (HF) that are sending data directly to splunk
Original post was from