I have few questions regarding splunk server data.
1. where does data is stored in splunk server, I am using universal forwarder to send the data to splunk.
2. How can i delete the data based on hostname. I want to delete all data based on the hostname
3. How can i sync the data between two splunk servers.
1: On your indexers, check here:
$SPLUNK_HOME/etc/system/{default|local}/indexes.conf
2: As far as hiding events from all further searches, like this:
My Search Details Here host=MyHostToDelete | delete
3: You can set up an indexer cluster with help here:
http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Clusterdeploymentoverview
http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Aboutclusters