I am looking into simplifying my Splunk architecture. I currently have two Linux indexers in different regions.
They are currently setup identical - same indexes, same everything. They are collecting logs for each region.
We are migrating to a transit network that will have access to both regions.
I need to take the data from both indexers and combine them together on a new Linux indexer.
How do I merge the two indexers together?
↧