Hello, Can any one please tell me that, Whether splunk reads event from only splunk installed machine or non-splunk machine also ? Also Please give me idea about forwarding mechanism of splunk. and one more question is that, in which format splunk forwards events? whether it uses any binary format ? because when I was trying to forward events from splunk to RHEL machine it is forwarded in raw (0#) format. Is this the behavior of splunk or m I going wrong somewhere ?
Thanks In Advance.