Index from one indexer to another (non-clustered)

Deployment Architecture

Hello,

So I have a rather unique issue that I am really having trouble with. We have a client that has their own splunk system in place. They send their data in a multitude of indexes to the their main indexer, nothing odd there. What we need though is to have a select grouping of indexes sent from their indexer, to our splunk on another network. A suggestion was made to basically query the indexes and toss them into a file then read that as a log. While that is an option I believe will work, it is a little ghetto and also consumes more disk space. Is there a native way of after something is indexed, for the indexer to also forward it on to us? I talked with our client about having the universal forwarder on the devices send to both indexers (which was way easy but they do not want the network bandwidth on those systems taxed more than they already are), so here I am trying to find the best method to do this. Thanks in advance for any possible assistance.

Get Updates on the Splunk Community!

Index from one indexer to another (non-clustered)

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you a member of the Splunk Community?

Index from one indexer to another (non-clustered)

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...