Quick question - When I have notification with default target i.e. System Message. Does this get recorded in Cribl logs? if yes, should it be on leader or worker group node?
I see the notifications.log on the leader cribl/log directory
You might be able to use Notifications and a WebHook target, using HEC like the below to reduce the need to put an Edge node or similar on your Leader to get this info. Might need Splunk Cloud support to allow the `allowQueryStringAuth` parameter though: https://www.splunk.com/en_us/blog/tips-and-tricks/splunking-webhooks-with-the-http-event-collector.html
<@U0153P89SNQ> <@U03AHE2KW92> in the attached document I have 3 options to send Cribl notifications to SplunkMy favorite is the first option since it is supported by both Splunk on-prem and cloud.The second option is identical to your linkThe third is an App that is available on Splunkbase
0
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.