I am specifically referring to app https://splunkbase.splunk.com/app/1493/ in this question. I am also wondering what other catches this may have, most namely can it run in a SH cluster.
When you configure the Data Inputs for your monitored sites, check the box for 'More settings' and you'll be able to select the destination index of your choosing. This is for each input/site that you add. Depending on your environment, you may also want to edit the searches on the built-in dashboards to start with index=index_name if you change from the default.
You can use the app on all your SHs, but you'll want to configure the inputs on just 1 server. Only one needs to send data to your indexer(s). All of them can view it.
I did that and got the following error when trying to configure through data inputs:
Encountered the following error while trying to save: Validation for scheme=web_ping failed: The script returned with exit status 1.
Ultimately I need to figure this out in .conf files. I do not have the UI to configure things, so I would imagine, like most things Splunk, I can build a conf file to make this all happen???
Thanks!
Seems like you have to explicitly select an index for the Website input.
I went to 'advance setting'; instead of using the default index, simply give it any available index. It should work.
Here's an example entry for a Data Input configured in an inputs.conf file.
[web_ping://CNN]
index = website_monitoring
interval = 1
source = CNN
title = CNN
url = http://www.cnn.com/
user_agent = Splunk Website Monitoring (+https://splunkbase.splunk.com/app/1493/)
Also how do I redirect these events to a specific index?