Solved: What is aggregation in Splunk?

eitherlucas · ‎07-25-2019

The instruction of my project is: All local event logs must be duplicated to Splunk for events aggregation. In addition, I must aggregate events from one Centos 7 Virtual Machine to another Centos 7 virtual machine. I'm just new to Splunk and I don't quite understand what it means or how to even do it.

chinmoya · ‎07-25-2019

I am not quite sure what you want since the data provided are very limited.

But it seems like you want your data of one Splunk instance to be copied to another Splunk instance.
This can be done by indexer clustering.

Check out the below link it might help you out.

https://docs.splunk.com/Documentation/Splunk/7.3.0/Indexer/Basicclusterarchitecture

View solution in original post

chinmoya · ‎07-25-2019

I am not quite sure what you want since the data provided are very limited.

But it seems like you want your data of one Splunk instance to be copied to another Splunk instance.
This can be done by indexer clustering.

Check out the below link it might help you out.

https://docs.splunk.com/Documentation/Splunk/7.3.0/Indexer/Basicclusterarchitecture

What is aggregation in Splunk?

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update