Perhaps a silly question… but,…
First the situation, two sites… seperated by the internet. One site is the Splunk headquarters with Cribl forwarders, second is a tenant with the log sources.
Now the question…
Is it possible to have a Cribl instance on the tenant site, but create a pull for the data from the headquarters? The reason for the pull is security… we don’t want the possibility for data to be pushed into our headquarters.
The log data itself will be syslog format, so Cribl can handle it.
We also thought about Kafa at the tenant, but i want to investigate what is possible with Cribl at the tenant.
Thanx for the advise