I am looking into simplifying my Splunk architecture. I currently have two Linux indexers in different regions. They are currently setup identical - same indexes, same everything. They are collecting logs for each region. We are migrating to a transit network that will have access to both regions. I need to take the data from both indexers and combine it together on a new Linux indexer. How do i merge the two indexers together?
↧