All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Add-on for Microsoft Windows: How do I specify which index to send data to?

andrewtrobec
Motivator
‎05-19-2022 11:00 AM

Hello,

I've just installed the Splunk Add-on for Microsoft Windows and I will be collecting data from UFs that forward first to a HF and then to an indexing cluster.  The app will be deployed to multiple UFs via deployment server.  I only want to collect data from the machines that the UFs are installed on.

I see that there is no way to specify within inputs.conf which index to send the data to.  I've read the documentation but I still don't understand how.  I've even found this post which discusses the same topic but doesn't really provide me with an answer that I understand (sends me to documentation for older version of the add-on).

Could somebody please give me a push in the right direction?

Thank you and best regards,

Andrew

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎05-19-2022 11:44 AM

Specify the destination index in inputs.conf.  Simply insert a new line in the appropriate stanza with index = followed by the name of index.  See the examples at https://docs.splunk.com/Documentation/WindowsAddOn/8.1.2/User/Configuration#Configure_inputs.conf

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

andrewtrobec
Motivator
‎05-19-2022 01:28 PM

@richgalloway thank you so much, I don't know how I didn't figure that out.

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎05-19-2022 11:44 AM

Specify the destination index in inputs.conf.  Simply insert a new line in the appropriate stanza with index = followed by the name of index.  See the examples at https://docs.splunk.com/Documentation/WindowsAddOn/8.1.2/User/Configuration#Configure_inputs.conf

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...

Tech Talk | One Log to Rule Them All

One log to rule them all: how you can centralize your troubleshooting with Splunk logs We know how important ...