
Hello, how can I get notifications.log from the Leader Node and forward it to Splunk?

Install a Splunk UF on the leader or install a Cribl Edge agent on the leader - one of those can forward the leader's logs on


So there is no way to forward it with the help of the Leader? There would be an option to send it from workers via Splunk HEC though. But trying to see if Cribl Leader is of any help in this matter


Edge is preferred, of course 🙂


Leaders don't transport data


you can query the API


using REST Collector


Worker -> REST call to Leader -> send results


And if I have more than one Worker, would it result in duplicates?


no. REST Collections are coordinated by ... the leader


Okay. Thanks a lot!


One solution is to create a REST API Collector.
Collect URL = `http://leader:9000/api/v1/system/logs/notifications.log`
And in the Authentication use the 'Login' option to obtain the bearer token.
At that point you can forward the data to Splunk.

