https://community.splunk.com/t5/Splunk-Search/Copy-logs-from-one-index-to-another-with-use-same-host/m-p/567359#M197708 <P>Hi <a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>,</P><P>Thank you for replying my question and helping.</P><P>I have variable hosts so I ran the command which was your mentioned. But&nbsp; I do not see the host and sourcetype fields in the new index and also orig_host field.&nbsp;&nbsp;</P><P>Thank you</P><P>Best Regards</P> Fri, 17 Sep 2021 07:33:33 GMT MesutUgurlu 2021-09-17T07:33:33Z https://community.splunk.com/t5/Splunk-Search/Copy-logs-from-one-index-to-another-with-use-same-host/m-p/567352#M197704 <P>Hi,</P><P>I want to copy some logs in one index to another index with the same host information. I use collect command to do this process. But when i copy, i see that all host information is the same and write search head ip address. So I cant search by looking host information. How can I do it? Can you help me?&nbsp;</P><P>Thanks.</P><P><BR />Best Regards</P> Fri, 17 Sep 2021 06:42:40 GMT https://community.splunk.com/t5/Splunk-Search/Copy-logs-from-one-index-to-another-with-use-same-host/m-p/567352#M197704 MesutUgurlu 2021-09-17T06:42:40Z https://community.splunk.com/t5/Splunk-Search/Copy-logs-from-one-index-to-another-with-use-same-host/m-p/567355#M197706 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/238584">@MesutUgurlu</a>,</P><P>if the host value is fixed, you could add the "host" option in the search you're using to copy events from indexes, for more infos see at&nbsp;<A href="https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchReference/Collect" target="_blank">https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchReference/Collect</A></P><P>If instead it's variable,&nbsp;you could modify you search in something like this:</P><LI-CODE lang="markup">index=your_index | table _time host sourcetype _raw | collect index=your_new_index</LI-CODE><P>in this way you'll be able to use the host field in searches but not using the host field, but the "orig_host" field.</P><P>Ciao.</P><P>Giuseppe</P> Fri, 17 Sep 2021 07:08:14 GMT https://community.splunk.com/t5/Splunk-Search/Copy-logs-from-one-index-to-another-with-use-same-host/m-p/567355#M197706 gcusello 2021-09-17T07:08:14Z https://community.splunk.com/t5/Splunk-Search/Copy-logs-from-one-index-to-another-with-use-same-host/m-p/567359#M197708 <P>Hi <a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>,</P><P>Thank you for replying my question and helping.</P><P>I have variable hosts so I ran the command which was your mentioned. But&nbsp; I do not see the host and sourcetype fields in the new index and also orig_host field.&nbsp;&nbsp;</P><P>Thank you</P><P>Best Regards</P> Fri, 17 Sep 2021 07:33:33 GMT https://community.splunk.com/t5/Splunk-Search/Copy-logs-from-one-index-to-another-with-use-same-host/m-p/567359#M197708 MesutUgurlu 2021-09-17T07:33:33Z https://community.splunk.com/t5/Splunk-Search/Copy-logs-from-one-index-to-another-with-use-same-host/m-p/567360#M197709 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/238584">@MesutUgurlu</a>,</P><P>could you share one or two events in the new index generated by the search I hinted?</P><P>Ciao.</P><P>Giuseppe</P> Fri, 17 Sep 2021 07:36:31 GMT https://community.splunk.com/t5/Splunk-Search/Copy-logs-from-one-index-to-another-with-use-same-host/m-p/567360#M197709 gcusello 2021-09-17T07:36:31Z