Hello.
In our company we already have a Splunk 5 setup with multiple search heads and indexers.
What I would like to do is setup a local Splunk instance, which would just accept REST API requests, simply relay them to the existing search head(s) and return back results.
As minimum data as possible are to be maintained on this light instance; I like to think of it as a query proxy.
Does Splunk support this topology?
If yes, which settings in the light instance should I look into? Or perhaps some page in the online docs that I have missed?
Thank you,
S.
UPDATE:
I forgot to clarify that, for whatever historical/obscure reason, direct REST API access to the search heads has been disabled.
... View more