I want to import a large set of files, one time, into a cluster. Reading the documentation here:
http://docs.splunk.com/Documentation/Splunk/6.2.1/Data/MonitorfilesanddirectoriesusingtheCLI
It's not obvious to me how to specify all 20 index nodes that I want to target with the import. For monitored files, I use the outputs.conf to specify the 20 indexers and ports... I'm not sure how to replicate this with "add oneshot".
Any advice?
The recommended method is to set up a forwarder, configure the outputs.conf to load balance to them,
then run the oneshot on the forwarder.
Otherwise, if the logs are available from the indexers, you can use the oneshot on one of the indexers and rely on the replication to later replicate the data across the indexers.
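The forwarder approach from the answer above, sketched as an added example that is not part of the original thread: a script that builds a load-balanced outputs.conf from a list of indexers and then queues every file with `add oneshot`. The hostnames, port 9997, group name, index, sourcetype and the `/opt/splunkforwarder` install path are assumptions.

```sh
#!/bin/sh
# Added example. Hostnames, port, group, index and sourcetype are constructed
# placeholders; SPLUNK_HOME defaults to an assumed forwarder install path.

# Print an outputs.conf that load balances over every host:port argument.
render_outputs_conf() {
    group="$1"; shift
    servers=""
    for hp in "$@"; do
        host="${hp%:*}"; port="${hp##*:}"
        # Reject malformed entries so a typo cannot silently drop an indexer.
        case "$hp"   in *:*) ;; *) echo "bad indexer: $hp" >&2; return 1 ;; esac
        case "$host" in ""|*[!A-Za-z0-9.-]*) echo "bad host: $hp" >&2; return 1 ;; esac
        case "$port" in ""|*[!0-9]*) echo "bad port: $hp" >&2; return 1 ;; esac
        servers="${servers:+$servers, }$hp"
    done
    [ -n "$servers" ] || { echo "no indexers given" >&2; return 1; }
    # useACK makes the forwarder resend blocks an indexer did not acknowledge.
    printf '[tcpout]\ndefaultGroup = %s\n\n[tcpout:%s]\nserver = %s\nuseACK = true\n' \
        "$group" "$group" "$servers"
}

# Queue each file under a directory exactly once on the forwarder.
oneshot_dir() {
    dir="$1"; index="$2"; sourcetype="$3"
    find "$dir" -type f | while IFS= read -r f; do
        "${SPLUNK_HOME:-/opt/splunkforwarder}/bin/splunk" add oneshot "$f" \
            -index "$index" -sourcetype "$sourcetype" || echo "failed: $f" >&2
    done
}

# Typical use on the forwarder (commented out so sourcing has no side effects):
#   render_outputs_conf bulk_import idx01.example.com:9997 idx02.example.com:9997 \
#       > "$SPLUNK_HOME/etc/system/local/outputs.conf"
#   "$SPLUNK_HOME/bin/splunk" restart
#   oneshot_dir /data/import main my_sourcetype
```

List all 20 indexers as arguments to `render_outputs_conf`; the index must already exist on the indexers before the import starts.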
I configured the forwarder; working like a charm. Thanks!