Solved: What is aggregation in Splunk?

eitherlucas · ‎07-25-2019

The instruction of my project is: All local event logs must be duplicated to Splunk for events aggregation. In addition, I must aggregate events from one Centos 7 Virtual Machine to another Centos 7 virtual machine. I'm just new to Splunk and I don't quite understand what it means or how to even do it.

chinmoya · ‎07-25-2019

I am not quite sure what you want since the data provided are very limited.

But it seems like you want your data of one Splunk instance to be copied to another Splunk instance.
This can be done by indexer clustering.

Check out the below link it might help you out.

https://docs.splunk.com/Documentation/Splunk/7.3.0/Indexer/Basicclusterarchitecture

View solution in original post

chinmoya · ‎07-25-2019

I am not quite sure what you want since the data provided are very limited.

But it seems like you want your data of one Splunk instance to be copied to another Splunk instance.
This can be done by indexer clustering.

Check out the below link it might help you out.

https://docs.splunk.com/Documentation/Splunk/7.3.0/Indexer/Basicclusterarchitecture

What is aggregation in Splunk?

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Are you a member of the Splunk Community?

What is aggregation in Splunk?

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!