This is a really broad question. What is the data source? Is it coming from a Universal Forwarder? Syslog? API pull?
If it is a UF, is it collected with a TA or is it via custom inputs?
Assuming it is a file being monitored by a UF with an inputs.conf, then just adjust the index there. Set index=new index
As mentioned in my previous comment: can you please provide some proper context on the issue? What configs do you have, what index does it go to, what index should it go to. You'll need to figure out the cause of the issue before anyone can tell you how to fix it.
As for moving the already misplaced data to the correct index: there is no simple method for that. You could export the respective raw events and then re-ingest them to the correct index. And once confirmed that they are ok, delete them from the old index.
What do you mean by fix this? Ensure future logs from that device go into the correct index? Or move the data that ended up in the wrong index, to the correct one?
What index did it go in to and what index should it have gone in to? What is the configuration you have for this input?
I mean fix this by get the data that is filtering into the wrong into the correct index. And also ensure future logs of this type filter into the correct index.
Is the data routed through a syslog server or is it going to a network port open directly on Splunk? Can you share your inputs.conf stanza for your Bluecoat data?