Solved: Re: Two diffent indexes

arkonner · ‎04-06-2016

Is it possible to send different logs on two different indexes

[default]
host = EDGE1

[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0

[WinEventLog://Microsoft-Windows-WinNat/Oper]
disabled = 0
index = DAlogs
whitelist = 1017,4303,2000,4304,1018

[monitor:///C:\Program Files\log_nlb]
disabled = 0
sourcetype = csv
index = nlb_log

ddrillic · ‎04-06-2016

Sure, in the monitor, you specify the exact log path and its corresponding index.

View solution in original post

somesoni2 · ‎04-06-2016

Yes, the index name is available for each data input stanza and each input stanza can be configured to a different indexes (index should exist on the indexer)

ddrillic · ‎04-06-2016

Sure, in the monitor, you specify the exact log path and its corresponding index.

arkonner · ‎04-07-2016

The sintax in the inputs.conf reported above is it correct? Can you please add an example

Two diffent indexes

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms