• About Preview
  • About Preview
    • Welcome to Splunk Preview!
    • Installing Splunk Preview
    • Preview license information
    • Important changes in Splunk Preview
    • About Splunk Preview documentation
    • Developers involved
    • Tell us what you think
  • Known Issues in this Preview
    • General issues
    • Windows-specific issues
• New Splunk Web features
  • Changes to Splunk Web
    • Dashboard elements
    • Admin navigation
• New search-related features
  • crawl
    • Use crawl
    • Save a crawl
    • Configure crawl
    • Command syntax
    • Arguments
    • Examples
    • crawl.conf
  • Search command: addinfo
    • Syntax
    • Arguments
    • Examples
  • Search command: collect
    • Syntax
    • Arguments
    • Examples
  • Search command: eventstats
    • Syntax
    • Arguments
    • Examples
  • Search command: makemv
    • Syntax
    • Arguments
    • Examples
  • Search command: mvcombine
    • Syntax
    • Arguments
    • Examples
  • Search command: mvexpand
    • Syntax
    • Arguments
    • Examples
  • Search command: nomv
    • Syntax
    • Arguments
    • Examples
  • Search command: overlap
    • Syntax
    • Arguments
    • Examples
  • Search command: rawstats
    • Syntax
    • Arguments
    • Examples
• New reporting features
  • Summary indexing
    • How summary indexing works
    • Search commands useful to summary indexing
    • How to configure summary indexing
  • Configure summary indexing
    • Set up summary indexing via Splunk Web
    • Configure summary indexing via savedsearches.conf
    • Other configuration files affected by summary indexing
  • Best practices for summary indexing
    • General guidelines for summary indexing
    • Aggregated statistics
    • Gaps and overlaps
• New application and configuration features
  • Applications
    • View and manage applications
    • Browse SplunkBase
  • Indexes
    • View and manage indexes
    • Create new index
  • Configuration file architecture changes
  • Automatic header-based field extraction
    • How automatic header-based field extraction works
    • Configure automatic header-based field extraction
    • Note about search and header-based field extraction
    • Examples
• New Windows features
  • Install Splunk on Windows
    • Start Splunk
    • Install or upgrade license
    • Uninstall Splunk
  • Windows registry input
    • How it works
    • Get a baseline snapshot
    • What to consider
    • Configure Windows registry input
    • Hear from the developers!
  • WMI input
    • Security and remote access considerations
    • Configure WMI input
    • Source and source type for WMI data
    • Hear from the developers!

Indexes

In previous Splunk releases, you used the command line interface (CLI) to manage your indexes. Now, you can view your indexes, edit their properties, and add new indexes from the Admin page of Splunk Web.

Note: To apply any changes that you make to the indexes, such as editing properties or adding a new index, you must restart Splunk. In Splunk Web, you can restart the Splunk server from Admin > Server: Control Server. Just click Restart Now.

View and manage indexes

The Admin > Index: View/Manage Indexes page displays a table of all your indexes and their properties, including:

• The home path, or directory.
• The current size in MB.
• The maximum size in MB.
• A count of events.
• A timestamp for the latest event.
• A timestamp for the earliest event.

Edit index properties

Clicking on an index name opens a page that lets you view and edit that index's properties. Properties that you cannot change are grayed out and include:

• The index's name.
• The path to the fields and hot/warm databases.
• The path to the cold databases.
• The path to the thawed databases.

Properties that you can redefine include:

• The maximum size (in MB) of the hot database.
• The maximum size (in MB) of an index.

After you make your changes, click Update. Then, restart Splunk to apply your changes.

Create new index

The Admin > Indexes: Create Index page lets you define the properties for a new index. To create a new index, enter:

• A name for the index.
• The maximum size (in MB) of the hot database.
• The maximum size (in MB) of the index.

If you check Advanced settings, the list of properties expands. Advanced properties include:

• The maximum number of search results.
• The maximum number of warm database directories.
• The maximum number of cold databases open at any given time.
• The frequency that new hot database are to be created.
• The frequency that cold databases are to be frozen.
• The script and directory to archive the index's data.
• The number of concurrently running optimize processes.
• Whether to wait for optimize processes to finish or just kill them.
• The number of extra threads to use during indexing.
• The amount of memory (in MB) to allocate for indexing.
• The number of events to make up a block for block signatures.

After editing the index's properties, click Add. Then, restart Splunk to save and apply your changes.