Deployment Architecture

How to add a new index to a cluster


Hi I am new to setting up clusters and setting up a new cluster so apologies in advance if this is a simple question.

I would like to setup several new indexes on the cluster to prior to setting up the forwarders that will be be used for getting the data into the cluster.

From the documentation it looks like I should configure the indexes.conf file on the master and push to the peers but i am not sure of the exact location of the indexes.conf file or the contents of the file for the peer setup.

Should place the new indexes.conf file in /_cluster/local ?


Please may i have an example of a indexes.conf file for a new syslog index example something like tcp port 8100 its a for a cluster and its location?

Thanks in advance


0 Karma

Splunk Employee
Splunk Employee



Old question, but I'm answering in case somebody finds this question, just as I did:

The idea apparently is to keep a common set of indexes centrally managed on the master, i.e. keep indexes.conf in a bundle that you distribute to the peers from etc/master-apps.

Another way of doing it could be through the deployment server, but apparently the master apps is recommended.