Deployment Architecture

Forward data from one SH to another indexer which are not connected in any away ??

New Member

I have a search head - COB
i have two indexers connected to it - Ind1 and Ind2

and I have another indexer MBS01 which doesnt have any connection with above SH and Indexers.

Now i want to run a query which gives me some required fields as results in COB
for example say device_name, device_Id, cust_name, cust_ID

now i want this results sent into MBS01 indexer into a summary index called "OPS_index"which doesnt have any connection to "COB SH".

Note: Now after sending d required fields to MBS01 and storing them into summaryindex="OPS_index" , I want to run a ML prediction query in MBS01 on this summary index.


1.Can i install UF in COB and export the results as csv and using UF can i send to summaryindex="OPS_Index" in MBS01??
so if i do use UF wil it get re-indexed again in MBS01 ??
so if its re-indexed can i run the ML PREDICTION query ??

is there any other way to forward results from COB SH to MBS01 ??

Tags (1)
0 Karma


You could use an alert action to send the search results to a HTTP Event Collector for the other indexer.

0 Karma


You could have a UF on COB working on behalf of MBS01, it would merely need to watch some file, which could be updated by a script on COB. Seems a roundabout way of doing things, however.

0 Karma

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk Cloud Platform 9.1.2308?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2308! Analysts can ...

Index This | Why do they call it hyper text?

November 2023 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

State of Splunk Careers 2023: Career Resilience and the Continued Value of Splunk

For the past three years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...