Solved: What is aggregation in Splunk?

eitherlucas · ‎07-25-2019

The instruction of my project is: All local event logs must be duplicated to Splunk for events aggregation. In addition, I must aggregate events from one Centos 7 Virtual Machine to another Centos 7 virtual machine. I'm just new to Splunk and I don't quite understand what it means or how to even do it.

chinmoya · ‎07-25-2019

I am not quite sure what you want since the data provided are very limited.

But it seems like you want your data of one Splunk instance to be copied to another Splunk instance.
This can be done by indexer clustering.

Check out the below link it might help you out.

https://docs.splunk.com/Documentation/Splunk/7.3.0/Indexer/Basicclusterarchitecture

View solution in original post

chinmoya · ‎07-25-2019

I am not quite sure what you want since the data provided are very limited.

But it seems like you want your data of one Splunk instance to be copied to another Splunk instance.
This can be done by indexer clustering.

Check out the below link it might help you out.

https://docs.splunk.com/Documentation/Splunk/7.3.0/Indexer/Basicclusterarchitecture

What is aggregation in Splunk?

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Join the Conversation

What is aggregation in Splunk?

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience