SPLUNK

Document ID : KB000103773
Last Modified Date : 04/07/2018
Introduction:
Sending Events to Two Splunk Servers
Question:
We have added a second SPLUNK server (testing purposes only) and would like to send the same events that we send to the production SPLUNK server. Is this possible?
Environment:
z/OS
Answer:
Currently the only way to do this is to:
1) Create 2 SIEM actions: one for Splunk node a, one for Splunk node b.
2) Attach both actions to the 1 statement, so that when the statement is true, it sends the data to both Splunk servers.