I am planning to send the logs to multiple Splunk indexers (location) based on the logs type from one universal forwarder
example
server-1 myapp1.log -> indexer-South
myapp2.log -> indexer-south
myapp3.log -> indexer-east
myapp4.log - > indexer-east
server-2 myapp1.log -> indexer-South
myapp2.log -> indexer-south
myapp3.log -> indexer-east
myapp4.log - > indexer-east
can this be done? I would like some feedback how to do that.
thanks
↧