With regard to Splunk Enterprise, I have the below query:
Our plan is to implement any new onboarding of log feeds into the new infra and, going forward, merge all the apps and TAs that are currently running on the existing infra into the new infra.
We have 2 approaches to take it forward:
So, kindly suggest which method I have to follow. If yes, then can you provide the reason for choosing the method (justification)?
In my view, you can use either of the two approaches. Both will be fine. However, you would need to have a few considerations to decide.