Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to get a log in an index other than main?

itis_vendors
New Member
‎06-12-2015 03:15 AM

We have an application log that is being stored in the main index instead of an index we have called application_name. How do I get the application log data into the index called application_name?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

stephanefotso
Motivator
‎06-12-2015 03:57 AM

Hello! You can first create your index. During indexing your logs, you will be prompted to select the index. Just select your index, and everything will be ok.

Thanks

SGF

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

stephanefotso
Motivator
‎06-12-2015 03:57 AM

Hello! You can first create your index. During indexing your logs, you will be prompted to select the index. Just select your index, and everything will be ok.

Thanks

SGF
0 Karma
Reply
Solved! Jump to solution

itis_vendors
New Member
‎06-12-2015 04:25 AM

So I found that the index is created already. The application has 2 logs, one is going into the correct index, and one is going into the main. How can I set the other to go into the correct index?

0 Karma
Reply
Solved! Jump to solution

stephanefotso
Motivator
‎06-12-2015 04:46 AM

You can set it both via splunk web or the configuration file.

Via splunk web:
First, create the index: Settings -->Indexes -->Newand create your index
Second, index your log: From splunk home, Add data--> Monitor. Select the source, ......... At the Next screen, select the index, ........ ....

SGF
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...