Hello,
We have an application which runs on 2 servers, 1 is the active server and one is a hot standby so if one server fails the other automatically picks up, we can also force it to fail over as part of normal maintenance tasks.
The problem is, the application generates logs on the currently active server, but periodically the log directory in synchronized so that we have a full set of history on both machines to make sure if one ever goes down catastrophically we can recover.
Setting up a Splunk Universal Forwarder on each of the machines will send 2 copies of the logs to Splunk.
Is there some method people have used to stop ingesting duplicate log files/entries from what is essentially 2 separate systems?
Thanks,
Tony
↧
Is it possible to collect logs from Active/Standby application server pair without log duplication?
↧