With almost no experience I recently was appointed as Splunk admin when the previous one quit. There is no documentation on how the system is set up so the first thing I am trying to do is get an idea of how everything works together. I am working with Ubuntu indexers and a windows search head. How can I tell which systems are forwarding to the indexers, and where is the config for archiving located on the indexer? Any other help is greatly appreciated too.
↧