Forums: SplunkPreview: write specified sourcetypes to index

Previous Topic: Splunk 3.2.3 Windows crashing (it seems) randomly | Next Topic: Permission denied db-hot

Posts 1–2 of 2 | Post to this topic

posted by: PeterBauer71 | posts
date: June 30, 2008
permalink

Hello

I'm new to Splunk and one of my first testings was to create a sourcetype reexp to filter special data. Now in the next step, I try to move this sourcetypes to a special index.
My question now is, is this possible that splunk recognize that this data is in that format and write it to the special index. Or is it not possible because at the recognize process, the data have been written to the default index ?

Thanks
R

posted by: PeterBauer71 | posts
date: June 30, 2008
permalink

[AppRedirect]
REGEX = Application
DEST_KEY = _MetaData:Index
FORMAT = Verbose

Found this in the documentation and resolved my problem ! Thanks

Post to this topic

You must be logged in to post a reply.

Flash required to play this video.

Click here to download the free Flash Player.

Description:

Permalink:

Browse all videos » « Close window and return to article