Splunk Enterprise

How do you name a splunk index when making the index?

obesechicken13
Explorer

Hi. I'm trying to recreate a splunk index. The index exists in the http search url. https://splunk.mycompany.com/en-US/app/launcher/home

But not in the restapi search head
https://stuff_splunk-search05:8089/services/search/jobs/export

So then I thought, one way to automate getting the data I want from the search head is just to reverse engineer the index from the http search url.
http://dev.splunk.com/view/SP-CAAADQT

The other would be to upload a script to splunk and then run it on a schedule but that's also something I don't know how to do.

I've never made an index. Before I asked someone in my company I just wanted to quickly ask here, how do you set the name of an index? It wasn't too explicit in the instructions.

Tags (2)
0 Karma
1 Solution

obesechicken13
Explorer

So mr. obesechicken13. It seems your search head does not have the same data as the splunk server has. There's no way to automate getting the data that you want.

View solution in original post

0 Karma

obesechicken13
Explorer

So mr. obesechicken13. It seems your search head does not have the same data as the splunk server has. There's no way to automate getting the data that you want.

0 Karma

obesechicken13
Explorer

thanks mr. obesechicken13

0 Karma

obesechicken13
Explorer

haha. not yet. I'll report back when I solve it.

0 Karma

Ayn
Legend

Did you solve your issue? Your question confuses me, but if you got it sorted out, great. 🙂

0 Karma

sdaniels
Splunk Employee
Splunk Employee

You can create indexes in Manager > Indexes. Then when you create inputs you'll assign your newly create index.

http://docs.splunk.com/Documentation/Splunk/latest/admin/Setupmultipleindexes#Create_and_edit_indexe...

obesechicken13
Explorer

Thanks. I don't have permission to access the indexes from there though, and it wouldn't help if I did. I'm using a different account with different permissions through the rest api.

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...