We have an application log that is being stored in the main index instead of an index we have called application_name. How do I get the application log data into the index called application_name?
Hello! You can first create your index. During indexing your logs, you will be prompted to select the index. Just select your index, and everything will be ok.
Thanks
Hello! You can first create your index. During indexing your logs, you will be prompted to select the index. Just select your index, and everything will be ok.
Thanks
So I found that the index is created already. The application has 2 logs, one is going into the correct index, and one is going into the main. How can I set the other to go into the correct index?
You can set it both via splunk web or the configuration file.
Via splunk web:
First, create the index: Settings -->Indexes -->New
and create your index
Second, index your log: From splunk home, Add data--> Monitor
. Select the source, ......... At the Next screen, select the index, ........ ....