How to implement a openidm splunk audit failover

i am using Splunk as the AuditHandler for my openIDM solution and I want to make sure that when the connection to Splunk fails for exp. in a server issue. Then i want to rewrite the data since to timestamp of the connection loss.

Is there a simple solution for that or do i need to implement a logic?

thanks Burhan

Solution

If you can, write your openIDM events to a file and monitor that file with a Splunk Universal Forwarder (UF). The UF will read the file and send the contents to Splunk. If the connection to Splunk is lost, the UF will resume where it left off once the connection is restored.

Regex Substitue only on a specific group - sedcmd (Splunk)
Regex to only return matches when followed by a specific word
embeding conf files into helm chart
How to create a timechart in splunk for the timestamp and extracted field?
Match regex named group up until optional word
How can I access the TraceId generated by splunk-otel-collector within an ASP.NET web application?
Splunk result in Table format
Splunk: How to compute the difference of timestamps by id?
SPLUNK: How can I count events by location with a list of SERVERNAME's?
How to represent difference between same fields from two different and simultaneous searches in a table format in Splunk?
Java 11 HttpClient - POST issue
Flume sink to Splunk?
Questions related to splunk builtin macros in correlation search
how to send the local file using splunk forwarder docker image?
A table of counts of http status by URL
How do I use a specific date/time in Splunk dashboard with earliest and latest?
Splunk - Handling a blank token for a dashboard search
Splunk - Extracting from search results using regex and aggregates
Splunk - Grouping by distinct field with stats of another field
Trying to log to Splunk using logback appender
How can I download infinite results from a Splunk Search to Export the Data
Regex extraction from Right to Left
How to use Python via AWS Lambda to send millions (large quantities of data) of events to Splunk
How to create a timechart with percentages by fields using a Splunk query?
Splunk: Show all the ids that are present in different events
How to show nested structures in Splunk table
Splunk regex filter events only one occurrence of special character
How to search a given time range for every day in Splunk?
Splunk Query to list down active users and the knowledge object created by them
choropleth map does not render in Dashboard Studio but it does in Classic Dashboards