Splunk Enterprise

How do you name a splunk index when making the index?

obesechicken13
Explorer

Hi. I'm trying to recreate a splunk index. The index exists in the http search url. https://splunk.mycompany.com/en-US/app/launcher/home

But not in the REST API search head
https://stuff_splunk-search05:8089/services/search/jobs/export

So then I thought, one way to automate getting the data I want from the search head is just to reverse engineer the index from the http search url.
http://dev.splunk.com/view/SP-CAAADQT

The other would be to upload a script to splunk and then run it on a schedule but that's also something I don't know how to do.

I've never made an index. Before I asked someone in my company I just wanted to quickly ask here, how do you set the name of an index? It wasn't too explicit in the instructions.

0 Karma
1 Solution

obesechicken13
Explorer

So mr. obesechicken13. It seems your search head does not have the same data as the splunk server has. There's no way to automate getting the data that you want.


0 Karma

obesechicken13
Explorer

thanks mr. obesechicken13

0 Karma

obesechicken13
Explorer

haha. not yet. I'll report back when I solve it.

0 Karma

Ayn
Legend

Did you solve your issue? Your question confuses me, but if you got it sorted out, great. 🙂

0 Karma

sdaniels
Splunk Employee

You can create indexes in Manager > Indexes. Then when you create inputs you'll assign your newly created index.

http://docs.splunk.com/Documentation/Splunk/latest/admin/Setupmultipleindexes#Create_and_edit_indexe...

obesechicken13
Explorer

Thanks. I don't have permission to access the indexes from there though, and it wouldn't help if I did. I'm using a different account with different permissions through the REST API.

0 Karma