Hi, I have Splunk App Stream (splunk_app_stream) and Splunk Add-on for Stream Forwarders (splunk_TA_stream) installed on the single Splunk instance where server is acting as both indexer and search head. Splunk App Stream offers various streams out of the box, including Netflow. I've managed to get the Netflow data into the Splunk App Stream using streamfwd.conf on port 2055.  Netflow stream offered by Splunk App Stream out of the box index data into default index, i would like to change it to a my own dedicated index 'Netflow_logs'. The Splunk App Stream UI offers ac drop down to select your own preferred option, i would like to do this with changing or editing the config file or file manipulation in the /opt/splunk/etc/apps/ splunk_app_stream or in the  /opt/splunk/etc/apps/splunk_TA_stream - not through the UI, not not keen to the API either.    If we are not allowed to edit the out of the box netflow stream offered by Splunk App Stream, is there a way to create a new config file which will configure new stream for example 'netflow_stream' and have it to index into 'netflow_logs' index using file manipulation? Can someone share some thoughts if this can be achieved using file manipulation? Thanks in advance   ... View more

Hi All, I would like to read Splunk indexed log/data using text editor tool (like Notepad, etc.). I understand Splunk indexed logs are compressed and further processed which creates a Splunk only readable format (Not-Human readable) - which works well for searching or other capabilities of Splunk.  But, wondering if there is way to convert these indexed logs into a human readable format?   ... View more