I am trying to ingest a csv file and have indicated in the UF inputs.conf file as shown below [monitor://C:\<directory>\file.csv] index = csv_data sourcetype = csv crcSalt = <SOURCE> I created a new index on the Splunk GUI page and even added the new index in indexes.conf on the Splunk machine. However, it seems like the data is not ingesting to the index 'csv_data' which I indicated. When I change the index in the UF inputs.conf to my lastChanceIndex, for some reason, it starts to ingest the csv data.  How do I make the data ingest to the csv_data index instead of the lastChanceIndex? Am I missing a step? ... View more

Hi, hopefully this is the right place to ask. I am pretty new to MS SQL as well as Splunk, so am curious what is the simplest way to pipe MS SQL data (the Change Data Capture data/table in particular) to Splunk, and wondering if anyone here has done/tried it? I currently have Universal Forwarder set up on my Windows machine, and able to pipe Event Viewer stuffs to Splunk. Looked into Splunk DB Connect, but the setup process seems to be a little too complicated for me (installed Java, but not sure how to go from there). I am unsure if I am able to achieve what I want through Universal Forwarder (as my MS SQL uses Windows Authentication and from what I've read it says Windows Authentication is not supported in Universal Forwarder. Do correct me if I am wrong.). Appreciate any help. 🙂 ... View more