SPLUNK
Article ID: 103773
Updated On:
Products
Compliance Event Manager
Issue/Introduction
Sending Events to two Splunk Server's
We have added a second SPLUNK server (testing purposes only) and would like to send the same events that we send to the production SPLUNK server. Is this possible?
We have added a second SPLUNK server (testing purposes only) and would like to send the same events that we send to the production SPLUNK server. Is this possible?
Environment
z/os
Resolution
Currently the only way to do this would be to
1) Create 2 SIEM actions one for Splunk node a, one for Splunk node b.
2) Then attach both actions to the 1 statement so when the statement is true, it will send the data to both Splunk’s
1) Create 2 SIEM actions one for Splunk node a, one for Splunk node b.
2) Then attach both actions to the 1 statement so when the statement is true, it will send the data to both Splunk’s
Feedback
Yes
No
Powered by
