I have 2 ESX servers which I've configured to send the syslog to a Splunk version 6 instance. It then forwards the data to another Splunk instance. I would like to see the data on the second Splunk box, but with 2 different users where each user sees only one server (i.e. user1 will see data for esx 126.96.36.199 and user2 will see data from 188.8.131.52).
I've tried configuring 2 indexes and restricting the users by index, but it seems not to show anything when I log in with these users.
Is there an easy/smart way to restrict this/perform this operation?
Thanks in advance