Hi I am new to setting up clusters and setting up a new cluster so apologies in advance if this is a simple question.
I would like to setup several new indexes on the cluster to prior to setting up the forwarders that will be be used for getting the data into the cluster.
From the documentation it looks like I should configure the indexes.conf file on the master and push to the peers but i am not sure of the exact location of the indexes.conf file or the contents of the file for the peer setup.
Should place the new indexes.conf file in /_cluster/local ?
$SPLUNK_HOME/etc/master-apps
/_cluster
/default
/local
/
/
...
Please may i have an example of a indexes.conf file for a new syslog index example something like tcp port 8100 its a for a cluster and its location?
Thanks in advance
John
... View more