We are planning to expand existing Splunk setup.
Present : We have one Splunk indexer (172.16.XX.XX) , we are forwarding data to that indexer and accessing Splunk UI for that server.
Planning : one new indexer in new server (172.16.XX.XX) and one search head in new server (172.16.XX.XX).
Final setup : Two indexers and one search head.
Below are some queries,
• Here, What do we need to install one new indexer and search head ?
• How we can forward data to the new indexer and to the old indexer from all the forwarders ? How we can access Splunk UI for new search head. Any ports or any routes we need to open on new servers ?
• Here, we will forward data to the both new and old indexers , we can access splunk UI for new search head. How we can see the indexing data in Splunk UI ?
... View more