Is there a way for me to group all events by a list of hosts in one data center and then group all events by another list of hosts in another data center?
Specifically, I'd like to determine a traffic comparison between two sets of servers.
You could use the tagging feature to identify hosts by location. See the link below. If you have a large number of hosts, you might want to use a lookup and have that list of hosts come from a .csv file, for example.
http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Tagthehostfield
... tag = datacenter1
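The lookup approach mentioned in the answer above, as an added example that is not part of the original post. It assumes a hypothetical lookup file `host_datacenter.csv` uploaded to Splunk with the columns `host` and `datacenter` (one row per server, for instance the constructed rows `web01,datacenter1` and `web07,datacenter2`), and `index=main` stands in for wherever the traffic events are indexed.

```spl
index=main
| lookup host_datacenter.csv host OUTPUT datacenter
| fillnull value="unmapped" datacenter
| timechart span=1h count by datacenter
```

Hosts that are missing from the CSV appear as their own `unmapped` series, so gaps in the host list show up in the chart instead of silently dropping out of the comparison.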