We have 4 node cluster with Oracle RAC. The audit logs are stored on OCFS2 clustered file system.
Want to import these audit logs in splunk.
If I configure splunk on 4 nodes these files get imported multiple times.
Do splunk have any kind of best practice guide or cluster solution ?
In inputs.conf on each node specify the alert log for just the instance on that node.