I'm looking at this screen - it says "Data inputs" but lists a bunch of splunk home folders. I thought splunk home would be where the data goes to, not where it comes from. I consider an "input" to be a "from", so makes no sense to me for splunk to be there. I was expecting to see a bunch of systems and their log files as inputs, yet so far I cannot find any of (I just got admin and our splunk system seems to have a lot of everything, so it must be hidden in there somewhere).                               I've looked at the "Datasets" - 168 of them and none seem to be what I am looking for. ... View more

I guess my real question is how do I move Splunk from one company to another, including some but not all of the data and the indexes for the selected data? I see I can copy config and indexes from the $SPLUNK_HOME, but indexes are (I guess) just metadata, referencing other data. So, a search will read the index, then use that to get the data to return and display. I am going to guess Splunk will make a copy of the indexed data, because data sources can disappear for various reasons and that would not be ideal for later searches.   ... View more