IT & IoT Security | Cloud | It's all about the life itself


Splunk – Define index in inputs.conf

Hello,

Here are some very simple sample stanzas for the inputs.conf file.

[WinEventLog://Application]
disabled = 0
index = winevent_app

[WinEventLog://Security]
disabled = 0
index = winevent_sec

[WinEventLog://System]
disabled = 0
index = winevent_sys

PS. In this tutorial, the indexes were created on Splunk 7.x before the conf file was edited.

As seen above, ingestion has started under the respective index as defined in the conf file.
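Because the indexes have to exist before the inputs point at them, it is worth checking an inputs.conf against the indexer's indexes.conf before deploying it. The following is an added example, not part of the original post: the indexes.conf content is constructed and deliberately omits winevent_sys, and the function names are hypothetical. It assumes the built-in index main exists and that an input without an index setting falls back to the [default] stanza or to main.

```python
# Constructed sample: the three stanzas from this post.
INPUTS_CONF = """\
[WinEventLog://Application]
disabled = 0
index = winevent_app

[WinEventLog://Security]
disabled = 0
index = winevent_sec

[WinEventLog://System]
disabled = 0
index = winevent_sys
"""
# Constructed indexes.conf that deliberately lacks winevent_sys.
INDEXES_CONF = """\
[winevent_app]
homePath = $SPLUNK_DB/winevent_app/db
[winevent_sec]
homePath = $SPLUNK_DB/winevent_sec/db
"""

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    stanzas = {"default": {}}
    current = stanzas["default"]  # settings above any stanza are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def inputs_with_missing_index(inputs_text, indexes_text):
    inputs = parse_conf(inputs_text)
    # Assumption: "main" always exists on the indexer.
    defined = set(parse_conf(indexes_text)) - {"default"} | {"main"}
    fallback = inputs["default"].get("index", "main")
    missing = {}
    for stanza, settings in inputs.items():
        if stanza == "default" or settings.get("disabled") in ("1", "true"):
            continue  # skip the global stanza and disabled inputs
        index = settings.get("index", fallback)
        if index not in defined:
            missing[stanza] = index
    return missing
```

An empty result means every enabled input targets an index that is defined; with the constructed files above, the System input is reported because winevent_sys has not been created.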