Hello,
Please, I would like to know if the following is a possible/valid Splunk architecture.
Multisite cluster, with sites A, B and C. 200 Forwarders.
- sites A and B communicating with each other and replicating data, receiving logs from forwarders 1 to 100.
- site C receiving logs from forwarders 101 to 200 and replicating data only inside the site itself.
Thanks and best regards.