For a single monitor in inputs.conf, is it possible to add multiple index names?
index = index1, index2
Basically, I want the same log files available to two custom indexes.
Can you be more detailed about what you are trying to do with monitoring the log files and having them go to separate indexes vs one index. What function are you trying to accomplish.
There could be another way.
This is not possible.
Hi and thank you. All I'm trying to do is monitor the same set of log files in a single entry in the inputs.conf file but assign it two index names. Perhaps there is a better way to do this other than creating a duplicate entry and assigning it the second index name.
Sorry if I'm not making too much sense as I'm a Splunk newbie!
No, you cannot route data to two different indexes via inputs.conf.
Are you trying to achieve a High Availability(HA) architecture with a Disaster Recovery(DR) position ?
Splunk Indexers can replicate raw data to secondary indexers in a mirrored cluster.
Also, Splunk Forwaders can load balance and data clone over multiple indexers.Check out the example configs in outputs.conf
Can you explain what you are trying to accomplish here?
You can send the events to several indexes if you breakout the events types in separate stanzas as listed in this article. To my knowledge you can not send to several indexes the way you have listed.
http://docs.splunk.com/Documentation/Splunk/latest/admin/Setupmultipleindexes