I'm getting logs on port 9997 of my splunk server and they go straight to the "main" index. How do I change to go to the Index I created called "windows"?
inputs.conf file.
[monitor://] index = windows
make sure you create the index windows first.