Hello,
I have a single node running all the components of Splunk.

I've read your answer a few times and I'm having a hard time understanding as I'm very new to Splunk.

Maybe I'm using the terms wrong but the way I see "indexes" are like virtual disks and I just want to specify which place to put injest the data for a particular app.

The app is currently using "_internal" but I want it to use another index I created because its on a bigger physical disk.

How do I modify the app to use another index?

_internal is a special case, because it’s only for logs generated by the Splunk process (I.e Splunk’s own logs) You can not (afaik) redirect logs destined for internal to another index. You would have to move the whole index to another disk if you are running out of space. Is this what you would like to do? (What os are you using?)

I'm running Ubuntu 16.04.

_internal isn't running out of space quite yet but that's good to know that I'd have to do that if is in the future.

About "redirecting" data to another index in general, if I wasn't talking about _internal but another none special case index.

Is there a way to redirect the data to an index of choice by like an "inputs conf" file for the app?

Yes, exactly that. Every input will normally specify a target index (if it doesn’t, it will use the default index, which is usually main) You can override an input by modifying the /local/inputs.conf file (creating it if necessary)

In the local inputs.conf for the given stanza you modify
[monitor::///somepath/somefile.log]
Index = yourIndex

Apologies for poor formatting/typos. I am on a phone 🙂