I want to use Splunk in production, I read the requirements and it will be possible to use it in a second server I could hire. But it comes several questions with that:,
how can I send all the information I want from the primary server to the one that I will install Splunk?
having a second server and send information creates another attack vector, how can it be secure?
how safe is this kind of implementation?