7.1 Overview

The Distributed Search feature facilitates searching events and reporting event data from local and remote Sentinel Log Manager servers. When you are working with multiple servers, you can perform a search or run a report on just one server and have it automatically run a search or report across the selected remote servers. The server on which the search is initiated is referred to as the search initiator, and the remote servers are referred to as the search targets or target servers.

When you run a search or report on the search initiator, search queries are sent to each selected target server. The target server authenticates the search initiator server, using a password that is exchanged during configuration. Event data is returned to the search initiator, where it is merged, sorted, and consolidated for presentation. Individual search results display the target servers from which they were received. The search status for each server is available for viewing and troubleshooting.

Figure 7-1 shows how you can set up Sentinel Log Manager servers across the globe for distributed searching and reporting.

Figure 7-1 Distributed Search Setup