...ays:
1. Splunk Web
2. CLI
3. Edit indexes.conf
When using CLI (2), indexers.conf is created in $SPLUNK_HOME/etc/apps/search/local
When editing indexes.conf (3) it says to put it in $S...
...ble to create a search string like: host="my_fwd_server.net" index="fwd_index" , etc.
Is this possible or is this unnecessary for the data coming from the forwarder since I know the hostname?
T...
...nstall of splunk customindexes for each log type above the only events I seem to get in the logs are from the date that the customindexes are created and not back to the first log entry on the server....
Hello Splunkers, Is it possible to limit the searchable indexes within a custom app ? For instance, if I create a new app called "myapp" and inside the Search tab of this app, I want to only b...
...dding an Index to the cluster manager's indexes.conf I am getting this error "Failed to create directory". Does it mean the cluster manager must have the same number of hard disks as the index...
...o do is to set additional default fields based on other default field which is "source". Is it possible at all? Would the "source" already exist and be available at that point to create additional f...
Report acceleration is failing because splunk cannot create the folder for the summary (summaryHomePath ).
This seems linked to my custom homePaths.
It works for this index, and the folder /o...
Hi everyone. I've been going back and forth through the docs and other answers posted here, but nothing definitive in answering my question.
I want to create a new field at index time which w...
Hi
I know that splunk automatically creates default fields like host,sourcetype,index at index time.And also the splunk provides a option to create any new fields also during index time.
My r...