I am wondering if anybody have experience with setting Universal Forwarders and Splunk instances up in a way that is fault tolerant and support business critical data.
We want to send Business Events to Splunk and then calculate financial data reports based on those - the questions is can we trust Splunk to do that and then avoid going to the database for getting the same values?