Solved: Two diffent indexes

arkonner · ‎04-06-2016

Is it possible to send different logs on two different indexes

[default]
host = EDGE1

[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0

[WinEventLog://Microsoft-Windows-WinNat/Oper]
disabled = 0
index = DAlogs
whitelist = 1017,4303,2000,4304,1018

[monitor:///C:\Program Files\log_nlb]
disabled = 0
sourcetype = csv
index = nlb_log

ddrillic · ‎04-06-2016

Sure, in the monitor, you specify the exact log path and its corresponding index.

View solution in original post

somesoni2 · ‎04-06-2016

Yes, the index name is available for each data input stanza and each input stanza can be configured to a different indexes (index should exist on the indexer)

ddrillic · ‎04-06-2016

Sure, in the monitor, you specify the exact log path and its corresponding index.

arkonner · ‎04-07-2016

The sintax in the inputs.conf reported above is it correct? Can you please add an example

Two diffent indexes

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation