I have 4 servers, of which 2 are clustered and used as search heads, a 3rd one is Splunk Enterprise Security, and the 4th server is search head pooling. These are connected to indexers. I want to know how to find out whether the environment is clustered or distributed. If it is distributed, then how should I add a new index to it and pull logs into that index?
Thanks,
Nishwanth