×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
KCM
Engager
Member since: ‎01-24-2023
‎01-24-2023
Community Statistics
Posts 1
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎01-24-2023
Activity Feed
View All

How to send data to multiple indexes?

by in Getting Data In
‎01-24-2023 11:12 AM
‎01-24-2023 11:12 AM
Hello Experts.. Configuring the inupts.conf file I am trying to send data from the same windows log to multiple index's for separate dashboards. I think some sort precedence is blocking some of the data. Here is what I was trying to accomplish. Is there a better way to get where I'm trying to go?   [WinEventLog://Application] disabled = 0 index = WINDOWS start_from = oldest [WinEventLog://System] disabled = 0 index = WINDOWS start_from = oldest [WinEventLog://Security] disabled = 0 index = WINDOWS start_from = oldest ######## Separate to send USB bus traffic ########## [WinEventLog://Security] disabled = 0 index = USB start_from = oldest whitelist = 1234,4321,5467, etc [WinEventLog:/Microsoft-Windows-DriverFrameworks-UserMode/Operational] disabled = 0 index = USB start_from = oldest interval = 1000,1001,1002,1003   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-24-2023 04:31 PM
Karma given to
View All