Hello.
First time I'm posting a question, and I'm relatively new to Splunk, so I apologize up front if this has already been asked and answered, or if this is a silly question. We are planning to use Splunk for log monitoring.
Scenario:
Let's say we have 3 clients (A, B, C) to simplify the situation (in the real situation we have more than 3 clients).
Each client has 20 servers to monitor.
Currently, when a problem happens on Client A, we manually log in to every server that belongs to Client A and start checking logs.
We want to use Splunk to help us speed up the investigation in finding the issue.
Question:
How should I set up Splunk to segment or partition logs?
Logs from Client A are stored and indexed as Client-A logs.
Logs from Client B are stored and indexed as Client-B logs.
Logs from Client C are stored and indexed as Client-C logs.
Reason: When an issue happens on Client-A, I want to view and analyze logs from Client-A only.
I don't want to see logs from Client-B and Client-C.
Thank you in advance.