i am using Syslog-ng to send logs to Cribl (distributed deployment ).
In this setup, A cribl leader and one single worker is configured.
in the syslog-ng , i configured it to send to Cribl leader IP using port 5514.
but i got an error that syslog connection failed:
but when i set the Cribl worker as destination in syslog-ng it works!
I asssumed initially that the Cribl leader IP should be set in the destination part in syslog-ng config file but doesnt work that way as i had error (mentioned above).
Apparently when we have multiple worker nodes. should we redirect to just one worker?
how does this works?