Solved: Two diffent indexes

arkonner · ‎04-06-2016

Is it possible to send different logs on two different indexes

[default]
host = EDGE1

[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0

[WinEventLog://Microsoft-Windows-WinNat/Oper]
disabled = 0
index = DAlogs
whitelist = 1017,4303,2000,4304,1018

[monitor:///C:\Program Files\log_nlb]
disabled = 0
sourcetype = csv
index = nlb_log

ddrillic · ‎04-06-2016

Sure, in the monitor, you specify the exact log path and its corresponding index.

View solution in original post

somesoni2 · ‎04-06-2016

Yes, the index name is available for each data input stanza and each input stanza can be configured to a different indexes (index should exist on the indexer)

ddrillic · ‎04-06-2016

Sure, in the monitor, you specify the exact log path and its corresponding index.

arkonner · ‎04-07-2016

The sintax in the inputs.conf reported above is it correct? Can you please add an example

Two diffent indexes

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation