How to index data in new index?

geetanjali · ‎05-11-2011

Hello,

I have created new index "myIndex". I want to index my new data in this index. I have done changes in input.conf.

[monitor: / "path"]
disabled = false
host_segment=5
index = myIndex

and have put my log files in specific path. and have restarted splunk. Still then my data is not indexed. its showing "0 events". when i am search with "index=myIndex".

i have checked _internal also. it is not showing any error. But in INFO it is showing :

-0400 INFO  TailingProcessor - Parsing configuration stanza: monitor:/"path".

 * host=Splunck-118   Options| * sourcetype=splunkd   Options| * source="path"/log/splunk/splunkd.log

What i am missing in my process? Need help.

Thanks in advance

Simeon · ‎05-11-2011

It is possible that your usage of path is not allowed.

Typically, it should look like:

[monitor://path/to/my/data]

Try using the splunk list monitor command to see if it picked up your file:

./splunk list monitor

How to index data in new index?

Shape the Future of Splunk: Join the Product Research Lab!

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Are you a member of the Splunk Community?

How to index data in new index?

Shape the Future of Splunk: Join the Product Research Lab!

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions