So this is how I did it; however, I'm not sure how your environment is set up. I have a distributed environment with a single-site cluster with a Splunk master, a deployer and a search head.
First, I deployed a new index which I named I also specified any data retention policies here.
[app_name-os]
repFactor = auto
coldPath = $SPLUNK_DB/app_name-os/colddb
enableDataIntegrityControl = 0
enableTsidxReduction = 0
homePath = $SPLUNK_DB/app_name-os/db
maxTotalDataSizeMB = 2000
thawedPath = $SPLUNK_DB/app_name-os/thaweddb
Second, I installed the Unix Add-on on the indexer and the search head.
Then I renamed all my inputs to send to the index I created above, and it worked.
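Added example, not part of the original post: a small Python check that every input stanza is routed to an index that is actually defined in indexes.conf, which is the state the steps above aim for. The stanza names and settings in the two sample files are constructed for illustration, and `parse_conf` and `check_inputs` are hypothetical helper names.

```python
import configparser

# Constructed sample indexes.conf, modelled on the stanza in the post.
INDEXES_CONF = """
[app_name-os]
homePath = $SPLUNK_DB/app_name-os/db
coldPath = $SPLUNK_DB/app_name-os/colddb
thawedPath = $SPLUNK_DB/app_name-os/thaweddb
"""

# Constructed sample inputs.conf: one input renamed, two left behind.
INPUTS_CONF = """
[script://./bin/cpu.sh]
index = app_name-os

[script://./bin/df.sh]
index = os

[monitor:///var/log]
disabled = 0
"""

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",),
                                   default_section="__none__")
    cp.optionxform = str  # keep key case as written
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections()}

def check_inputs(inputs_text, indexes_text):
    """Return (stanza, problem) pairs for inputs not routed to a defined index."""
    defined = set(parse_conf(indexes_text)) - {"default"}
    inputs = parse_conf(inputs_text)
    inherited = inputs.get("default", {}).get("index")  # [default] stanza value
    findings = []
    for stanza, keys in inputs.items():
        if stanza == "default":
            continue
        index = keys.get("index", inherited)
        if index is None:
            findings.append((stanza, "no index set"))
        elif index not in defined:
            findings.append((stanza, f"index '{index}' not in indexes.conf"))
    return findings

if __name__ == "__main__":
    for stanza, problem in check_inputs(INPUTS_CONF, INDEXES_CONF):
        print(f"[{stanza}] {problem}")
```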