splunk / splunk-connect-for-kubernetes

Helm charts associated with kubernetes plug-ins
Apache License 2.0

Multiple Namespaced SCK Instances #826

Closed barrywebb2 closed 1 year ago

barrywebb2 commented 1 year ago


What would you like to be added: After reading issue #735 I'm left with the impression it is not possible to install multiple namespaced SCK instances. Is this true? If so, is there a workaround that can be applied?

Why is this needed: I would like to have multiple SCK instances on one cluster, each in their own namespace. Each namespace will use a unique HEC token that is specific to a single index controlling data separation. In this case system-oriented logs will go into an indexA and tenant application logs will go into a separate indexB. A total of 2 SCK namespaces is needed on one cluster to support this requirement. I do not have the ability to modify the HEC token so that it works with multiple indices, so using multiple namespaced SCK instances seems my only option.

hvaghani221 commented 1 year ago

Installing multiple connectors within the same cluster is not recommended as it can introduce unexpected behaviour and data duplication. You can do index routing using the splunk.com/index pod or namespace annotation. It is also the recommended way to send events to different indexes from different namespaces/pods.

Ref: https://github.com/splunk/splunk-connect-for-kubernetes#managing-sck-log-ingestion-by-using-annotations.
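An added example, not part of the thread or the project's code: a check that namespace-level `splunk.com/index` annotations produce the index separation the issue asks for (indexA for system logs, indexB for tenant logs). The namespace names, the sample JSON, and the fallback to a single default index for un-annotated namespaces are assumptions; pod-level annotations are not considered.

```python
import json

ANNOTATION = "splunk.com/index"  # annotation key named in the reply above

# Constructed sample, shaped like `kubectl get namespaces -o json` output.
SAMPLE_NAMESPACES = json.loads("""
{"items": [
  {"metadata": {"name": "kube-system", "annotations": {"splunk.com/index": "indexA"}}},
  {"metadata": {"name": "tenant-app", "annotations": {"splunk.com/index": "indexB"}}},
  {"metadata": {"name": "tenant-batch", "annotations": {"owner": "team-x"}}},
  {"metadata": {"name": "sandbox"}}
]}
""")

def index_routing(namespaces, default_index):
    """Map each namespace to the index its annotation selects.

    Assumption: a namespace without the annotation is routed to default_index.
    """
    routing = {}
    for item in namespaces.get("items", []):
        meta = item.get("metadata", {})
        annotations = meta.get("annotations") or {}
        routing[meta["name"]] = annotations.get(ANNOTATION) or default_index
    return routing

def separation_findings(namespaces, expected, default_index):
    """Return (namespace, actual_index, wanted_index) for every mismatch.

    actual_index is None when the namespace is absent from the cluster listing.
    """
    routing = index_routing(namespaces, default_index)
    findings = []
    for name, wanted in sorted(expected.items()):
        actual = routing.get(name)
        if actual != wanted:
            findings.append((name, actual, wanted))
    return findings

# Hypothetical separation policy: system logs in indexA, tenant logs in indexB.
EXPECTED = {"kube-system": "indexA", "tenant-app": "indexB",
            "tenant-batch": "indexB", "missing-ns": "indexB"}

if __name__ == "__main__":
    for name, actual, wanted in separation_findings(SAMPLE_NAMESPACES, EXPECTED, "indexA"):
        print(f"{name}: routed to {actual}, expected {wanted}")
```

Here `tenant-batch` is flagged because it lacks the annotation, so under the stated assumption its tenant logs would land in the system index.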