We have multiple logs on a single server, but I want to separate those logs to control access. Can we send different log files to different indexes so that we can segregate the logs by user?
If you have a universal forwarder installed on your host, yes, you can send those logs to different indexes. For instance, you can have your inputs configured this way:
inputs.conf
[monitor:///var/log/httpd]
sourcetype = access_common
index = web_access
[monitor:///var/log/messages]
sourcetype = syslog
index = linux_os
@bwniranjan,
Yes, of course! You can use multiple indexes in the same indexer.
Read through this documentation and let us know in case you have further questions.
How to create multiple indexes
Monitor files and directories with inputs.conf
Input conf for monitor
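Routing files to separate indexes restricts access only once each role is limited to its indexes with `srchIndexesAllowed` in authorize.conf. The following is an added example, not part of the thread, that reports which monitored inputs each role can search; the role names and the authorize.conf contents are constructed, and role inheritance through `importRoles` is not modelled.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample: the inputs.conf stanzas from the answer above.
INPUTS_CONF = """
[monitor:///var/log/httpd]
sourcetype = access_common
index = web_access

[monitor:///var/log/messages]
sourcetype = syslog
index = linux_os
"""

# Constructed sample authorize.conf; the role names are hypothetical.
AUTHORIZE_CONF = """
[role_web_team]
srchIndexesAllowed = web_access
srchIndexesDefault = web_access

[role_linux_admins]
srchIndexesAllowed = linux_os

[role_helpdesk]
srchIndexesAllowed = *
"""

def parse(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep setting names case-sensitive
    cp.read_string(text)
    return cp

def readable_inputs(inputs_text, authorize_text):
    """Map each role to the monitored inputs whose index it may search."""
    inputs, roles = parse(inputs_text), parse(authorize_text)
    result = {}
    for stanza in roles.sections():
        if not stanza.startswith("role_"):
            continue
        # srchIndexesAllowed is a semicolon-delimited list; wildcards are
        # approximated here with fnmatch-style matching (simplification).
        raw = roles[stanza].get("srchIndexesAllowed", "")
        allowed = [p.strip() for p in raw.split(";") if p.strip()]
        result[stanza[len("role_"):]] = sorted(
            src for src in inputs.sections()
            # An input without an index setting goes to "main".
            if any(fnmatchcase(inputs[src].get("index", "main"), p) for p in allowed)
        )
    return result
```

A role that lists `*` can search every user index, so the `helpdesk` role in the sample sees both inputs despite the index split.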