Solved: Two diffent indexes

arkonner · ‎04-06-2016

Is it possible to send different logs on two different indexes

[default]
host = EDGE1

[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0

[WinEventLog://Microsoft-Windows-WinNat/Oper]
disabled = 0
index = DAlogs
whitelist = 1017,4303,2000,4304,1018

[monitor:///C:\Program Files\log_nlb]
disabled = 0
sourcetype = csv
index = nlb_log

ddrillic · ‎04-06-2016

Sure, in the monitor, you specify the exact log path and its corresponding index.

View solution in original post

somesoni2 · ‎04-06-2016

Yes, the index name is available for each data input stanza and each input stanza can be configured to a different indexes (index should exist on the indexer)

ddrillic · ‎04-06-2016

Sure, in the monitor, you specify the exact log path and its corresponding index.

arkonner · ‎04-07-2016

The sintax in the inputs.conf reported above is it correct? Can you please add an example

Two diffent indexes

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Join the Conversation