I was talking with someone who may have assets with the same IP across multiple data centers. In other words, the same IP ranges are allocated in different data centers, so any given IP may appear associated with assets from two different data centers.
Anyone dealt with this? Any recommended best practice (other than not overlapping IP ranges) for distinguishing said IPs within Splunk?
One approach I considered was a host override in the transforms to associate the datacenter with the IP for the host value. Although, I'm curious if other folks have found other creative solutions?
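A sketch of the host-override approach mentioned in the question, as an added example that is not part of the original post. It assumes each data center's events arrive under a distinct source path; the paths, the `dc1`/`dc2` labels and the stanza names are hypothetical placeholders.

```ini
# ---- props.conf (on the indexer or heavy forwarder that parses the data) ----
# Assumption: the source path reveals which data center sent the event.
[source::/var/log/remote/dc1/...]
TRANSFORMS-dc_host = prefix_host_dc1

[source::/var/log/remote/dc2/...]
TRANSFORMS-dc_host = prefix_host_dc2

# ---- transforms.conf ----
# Read the current host metadata (stored as "host::<value>") and
# rewrite it with a data-center prefix, so 10.1.2.3 seen in dc1 is
# indexed as host=dc1-10.1.2.3 and the same IP in dc2 as dc2-10.1.2.3.
[prefix_host_dc1]
SOURCE_KEY = MetaData:Host
REGEX = ^host::(.+)$
DEST_KEY = MetaData:Host
FORMAT = host::dc1-$1

[prefix_host_dc2]
SOURCE_KEY = MetaData:Host
REGEX = ^host::(.+)$
DEST_KEY = MetaData:Host
FORMAT = host::dc2-$1
```

This is an index-time rewrite, so it only affects events indexed after the configuration is deployed; events already indexed keep their original host value.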