Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can we search indexes in Splunk EnvironmentA (Unix) from another Splunk EnvironmentB (Windows) and vice versa?

rsathish47
Contributor
‎07-13-2015 10:58 PM

Hi All,

We have two different Splunk environment one is Unix and another is in Windows. Is their way to read (search) the indexes cross platform. Please let us know how to configure this.

Thanks
Sathish Rangan

Reply

sduff_splunk
Splunk Employee
Splunk Employee
‎07-13-2015 11:38 PM

Hi Sathish,

You can move the index files between Unix and Windows systems. The main thing you need to be concerned about is that you can't move buckets created by a 64-bit version of Splunk to a system running 32-bit.

Instructions for doing so can be found at http://docs.splunk.com/Documentation/Splunk/6.2.4/Indexer/Moveanindex . Also read the following Splunk > answers post, http://answers.splunk.com/answers/32176/is-it-possible-to-migrate-indexed-buckets-to-a-different-ind...

Cheers,
Simon

Reply

rsathish47
Contributor
‎07-14-2015 12:41 AM

Thank you sduff,

But we dont want to move the index just want to read(search) the data from another platform(search head)

Thanks
Sathish Rangan

0 Karma
Reply

sduff_splunk
Splunk Employee
Splunk Employee
‎07-14-2015 12:46 AM

Ah, OK, if I understand you, Splunk does that easily.

You want to use Distributed Search, which configures your search head to query the data stored on the indexers. http://docs.splunk.com/Documentation/Splunk/6.2.4/DistSearch/Configuredistributedsearch#Use_Splunk_W...

There are no issues with different OSs or environments communicating with one another.

Reply

rsathish47
Contributor
‎07-14-2015 03:35 AM

thank you sduff .. will try that.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...