Solved: Does 5 automatically search all indexes?

cramasta · ‎11-08-2012

Did v5 change so that you automatically search against all indexes by default.

Before I would have to do a "index=custom sourcetype=foo" now I just do a "sourcetype=foo" and it works with out calling out the index. Pretty sure in 4.* the main index was only searched when not specifying a index.

gfrjonp · ‎11-08-2012

Under the Manager -> Access controls -> Roles (Pick one like admin) you can specify what indexes are searched by default.
I have specifically set mine to "all non-internal indexes" this searches everything by default. Other roles only search the pertinent indexes.

*Edit: To answer your real question, no v5 didn't change. My fresh install still only shows main as the default searched index. I tested build 140868.

View solution in original post

gfrjonp · ‎11-08-2012

Under the Manager -> Access controls -> Roles (Pick one like admin) you can specify what indexes are searched by default.
I have specifically set mine to "all non-internal indexes" this searches everything by default. Other roles only search the pertinent indexes.

*Edit: To answer your real question, no v5 didn't change. My fresh install still only shows main as the default searched index. I tested build 140868.

Does 5 automatically search all indexes?

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio