We have a few silo'd networks and each has their own Splunk setup. My group is going to ingest specific index's from them but cannot be part of their cluster. How would I send (say for example the Security logs held in the Security_index), from Indexer 1 to indexer 2? So far most of the answers I have come across deal with clustered systems or decommissioning one indexer and search head to bring up another. Any assistance would be greatly appreciated.
↧