Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Forward data from one SH to another indexer which are not connected in any away ??

akhil36109
New Member
‎02-07-2018 09:20 PM

I have a search head - COB
i have two indexers connected to it - Ind1 and Ind2

and I have another indexer MBS01 which doesnt have any connection with above SH and Indexers.

Now i want to run a query which gives me some required fields as results in COB
for example say device_name, device_Id, cust_name, cust_ID

now i want this results sent into MBS01 indexer into a summary index called "OPS_index"which doesnt have any connection to "COB SH".

Note: Now after sending d required fields to MBS01 and storing them into summaryindex="OPS_index" , I want to run a ML prediction query in MBS01 on this summary index.

QUESTIONS:

1.Can i install UF in COB and export the results as csv and using UF can i send to summaryindex="OPS_Index" in MBS01??
so if i do use UF wil it get re-indexed again in MBS01 ??
so if its re-indexed can i run the ML PREDICTION query ??

is there any other way to forward results from COB SH to MBS01 ??

Tags (1)
0 Karma
Reply

starcher
Influencer
‎02-09-2018 09:25 AM

You could use an alert action to send the search results to a HTTP Event Collector for the other indexer. https://splunkbase.splunk.com/app/3508/

0 Karma
Reply

DUThibault
Contributor
‎02-08-2018 06:27 AM

You could have a UF on COB working on behalf of MBS01, it would merely need to watch some file, which could be updated by a script on COB. Seems a roundabout way of doing things, however.

0 Karma
Reply

HiroshiSatoh
Champion
‎02-07-2018 10:26 PM

Is this helpful?

http://docs.splunk.com/Documentation/Splunk/6.5.0/Forwarding/Routeandfilterdatad#Perform_selective_i...

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...