Managing Splunk indexes

When you add data to Splunk, the indexer processes it and stores it in a designated index (either, by default, in the main index or in the one that you identify). You can (if you are an administrator) manage Splunk indexes to suit your environmental needs or meet specific business requirements.

Getting started

Splunk index management starts with gaining an understanding of which indexes currently exist. To see a list of the indexes (using Splunk Web) you can go to Settings and then click on Indexes:

The Indexes page lists every index that is currently defined, including Splunk's preconfigured indexes: _audit, main, and _internal ...

Get Mastering Splunk now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering Splunk by James Miller

Managing Splunk indexes

Getting started

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly