Topics

| pdf version

Getting Started

How Splunk Works

Configuring a Splunk Deployment

Data Inputs

Hosts

Source Types

Timestamp Recognition

Events

Event Types

Meta Events

Fields

Segmentation

Saved Searches and Alerts

Authentication

Granular Access Control

Data Distribution

Distributed Search

Deployment Server

Index Management

Bundles

SplunkBase

Performance Tuning

Routine Maintenance

How-To

Troubleshooting

Reference


Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

Enable cloning

This documentation does not apply to the most recent version of Splunk.

This documentation applies to the following versions of Splunk: 3.0 , 3.0.1 , 3.0.2 , 3.1 , 3.1.1 , 3.1.2 , 3.1.3 , 3.1.4

Enable cloning

Cloning is configured in the outputs.conf file on the forwarding server. You will set up a target group of receiving servers to which the forwarder will send all its data.


On the forwarding server, add the following to $SPLUNK_HOME/etc/bundles/local/outputs.conf: 


[tcpout]
heartbeatFrequency=10
maxQueueSize=10000
[tcpout:indexer1]
server=10.1.1.197:9997
[tcpout:indexer2]
server=10.1.1.200:9999

This configuration will send every event to both 10.1.1.197:9997 and 10.1.1.200:9999. Make sure you enable receiving on all the servers you are sending cloned data to.

Retrieved from "http://www.splunk.com/base/Documentation/3.1.1/Admin/EnableCloning"
Revision: 207 Contact Privacy Policy Terms of Use Community content licensed under Creative Commons

Copyright © 2005-2010 Splunk Inc. All rights reserved.