Solved: Two diffent indexes

arkonner · ‎04-06-2016

Is it possible to send different logs on two different indexes

[default]
host = EDGE1

[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0

[WinEventLog://Microsoft-Windows-WinNat/Oper]
disabled = 0
index = DAlogs
whitelist = 1017,4303,2000,4304,1018

[monitor:///C:\Program Files\log_nlb]
disabled = 0
sourcetype = csv
index = nlb_log

ddrillic · ‎04-06-2016

Sure, in the monitor, you specify the exact log path and its corresponding index.

View solution in original post

somesoni2 · ‎04-06-2016

Yes, the index name is available for each data input stanza and each input stanza can be configured to a different indexes (index should exist on the indexer)

ddrillic · ‎04-06-2016

Sure, in the monitor, you specify the exact log path and its corresponding index.

arkonner · ‎04-07-2016

The sintax in the inputs.conf reported above is it correct? Can you please add an example

Two diffent indexes

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

Two diffent indexes

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...