Re: define index for my app

manikdham · ‎04-26-2012

i am creating a Splunk app. How do i define only a particular index to be used by the app. Only a particular index must be accessed from the app. where do i define the configurations.

sdaniels · ‎04-26-2012

In inputs.conf you'll define the index you want for all of your inputs. In indexex.conf you will define where the index is stored.

[yourindex]
homePath = $SPLUNK_DB/yourindex/db
coldPath = $SPLUNK_DB/yourindex/colddb
thawedPath = $SPLUNK_DB/yourindex/thaweddb
maxTotalDataSizeMB = 10000

Then in all of your app searches and reports they will reference your index (start with index=yourindex). There is no way to assign an index to an app that i am aware of similar to how you can assign indexes to roles.

yulsplunkops

What about defining this on a Cloud Index you create ? I get a defaut app assigned and there is no filed available to edit this.

Thanks

sdaniels · ‎04-26-2012

You can put in comments underneath the answers rather than creating a new answer. You create the app, which is only going to have views and dashboards on your index. Then you will create a user role that only has access to that index and give those users access to your app as well.

manikdham · ‎04-26-2012

i want to configure app such that i listens to data from particular index. Objective is to provide users accessing app access data from particular index. what is the other way i can do this.

manikdham · ‎04-26-2012

in which file do i make the changes....

bosburn_splunk · ‎04-26-2012

You can set this up by creating an index.conf in $SPLUNK_HOME/etc/apps//default and adding an index configuration there.

Brian

define index for my app

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms