Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

possible to add multiple index names inside inputs.conf

jonathan_lam
Explorer
‎10-10-2011 11:09 AM

For a single monitor in inputs.conf, is it possible to add multiple index names?

index = index1, index2

Basically, I want the same log files available to two custom indexes.

Tags (2)
0 Karma
Reply

kdenton
Path Finder
‎10-11-2011 10:45 AM

Can you be more detailed about what you are trying to do with monitoring the log files and having them go to separate indexes vs one index. What function are you trying to accomplish.

There could be another way.

0 Karma
Reply

araitz
Splunk Employee
Splunk Employee
‎10-11-2011 08:41 AM

This is not possible.

0 Karma
Reply

jonathan_lam
Explorer
‎10-11-2011 06:55 AM

Hi and thank you. All I'm trying to do is monitor the same set of log files in a single entry in the inputs.conf file but assign it two index names. Perhaps there is a better way to do this other than creating a duplicate entry and assigning it the second index name.

Sorry if I'm not making too much sense as I'm a Splunk newbie!

0 Karma
Reply

araitz
Splunk Employee
Splunk Employee
‎10-11-2011 08:40 AM

No, you cannot route data to two different indexes via inputs.conf.

Reply

Damien_Dallimor
Ultra Champion
‎10-10-2011 02:55 PM

Are you trying to achieve a High Availability(HA) architecture with a Disaster Recovery(DR) position ?

Splunk Indexers can replicate raw data to secondary indexers in a mirrored cluster.

Links to docs

Also, Splunk Forwaders can load balance and data clone over multiple indexers.Check out the example configs in outputs.conf

Link to outputs.conf overview

0 Karma
Reply

kdenton
Path Finder
‎10-10-2011 12:12 PM

Can you explain what you are trying to accomplish here?

You can send the events to several indexes if you breakout the events types in separate stanzas as listed in this article. To my knowledge you can not send to several indexes the way you have listed.

http://docs.splunk.com/Documentation/Splunk/latest/admin/Setupmultipleindexes

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...