I need to move lots of dashboards, alerts, scheduled reports, lookup tables and data feeds to a new Splunk environment due to security issues. I would like to make that transition an incremental process rather than one big 'switch over'.
My questions are:
> Which knowledge objects can be accessed via federation?
> What are examples of federated syntax for 'inputlookup', 'loadjob', etc. commands?
I realize there will be a performance impact, but that will be temporary while transition to the new Splunk environment is ongoing.
Where is the current documentation for using federated access?
Thanks in advance.