Splunk Search

How do I find the name of the index?

uayub
Path Finder

For performing archives, it seems I have to use the name of the index in the conf file. How do I know what index name is being used?

Thanks

Unis

0 Karma

uayub
Path Finder

After reading the admin manual, it seems the default index name is main.

Thanks all.

Unis

0 Karma

uayub
Path Finder

As per the doc:

[]
coldToFrozenDir = ""

In the above, what should be typed in for "index"?

Also the doc mentions to create the change in the local directory. So how does this update the main indexes file in the default folder?

Thanks

0 Karma

Ayn
Legend

Huh. Could you explain in more detail what you mean?

0 Karma