
Is it possible to forward data from an index instead of data models?


I have installed the latest version of the Splunk App for CEF (2.0.1) in a clustered environment and it works fine, but my question here is: can we forward the data from indexes (like index=*) instead of from data models? I have tried tweaking the search which the output produces, and it doesn't seem to work.
Or is there any way we can write all of the index data outside of Splunk so I can monitor that data and feed it to our non-prod environments?
The app also only allows selecting one dataset for each DM for the outputs, which leads to creating a longer list of outputs.

Thanks in Advance!
