cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ChrisMalt
Engager
Member since: ‎09-13-2022
‎09-14-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎09-13-2022
Activity Feed
Topics I've Started
View All

Re: One Application in 3 indexes?

by in Installation
‎09-14-2022 05:03 AM
‎09-14-2022 05:03 AM
So as I understand, apart from extra efforts in searches/correlations this has no impact Thank you for the detailed replies Chaker and Gcusello. One last question, are there any best practices for creating multiple indexes from the same application? Or just best practices for creating indexes, especially from a ES point of view? ... View more

One Application in 3 indexes?

by in Installation
‎09-13-2022 01:18 PM
‎09-13-2022 01:18 PM
Hello, We have Splunk in my new company and I am trying to understand Splunk and the environment. So, they have firewall logs (from one product) in 3 different indexes, one for traffic, one for threats and for other firewall logs. Is this normal? Seems a bit inefficient especially with regards to organization of logs and when searching. They also have combined 2 different firewall products into one of the indexes. I thought each product should have its own index? The person who did the deployment said that this was done for efficiency but this somehow seems to be counterproductive. Am I missing something when I have to search 3 different indexes to get complete results for a certain IP? Any advise is appreciated, Thank you, CM ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-14-2022 06:47 AM
Karma given to
View All