Hello,
I am using Docker and I send all containers' logs using logspout into a TCP input on Splunk.
Before trying to use Splunk, I was using Graylog. It was possible to extract logs from an input to send them into a specific index, based on a tag.
This is what I am trying to do with Splunk: all logs from all my containers are sent into only one input and in consequence into only one index.
Is there a way to apply the same thing that I was doing using Graylog, using the web GUI mostly?
The main goal is to aggregate all logs from one container only into one dedicated index.
Thanks for your help.