Hi, quite new to Splunk. I have had a look at the various documentation and have managed to come this far (see below).
I have installed a Universal Forwarder on two of my machines. This is sending logs to one instance of my Splunk Enterprise (also known as the indexer). Here I can see all my logs and search. Is there anything else I need to do at this point, to configure the indexer?
How do I get this data from the indexer to a search head? And how do I configure this? I have had a look online and I think I need to do something with Distributed Search but cannot seem to get it working. E.g. for Search Peers, what goes in Peer URI? Distributed search authentication? I have followed the guide but can't seem to understand what goes in these fields.
How does my indexer server talk to the search head one?
Thanks in advance.
Abdul