O'Reilly logo

Mastering Splunk by James Miller

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Dealing with multiple indexes

If you do not set a specific index for a search, Splunk will use its main or default index (this might vary depending on the role(s) assigned to you and the default indexes currently configured). As a Splunk administrator, you can use Splunk Web, the CLI, or edit the indexes.conf file to create an unlimited number of additional indexes.

Reasons for multiple indexes

There are three main reasons why you might want (or need) to consider setting up more indexes in your Splunk environment. These are as follows:

  • Security: You can secure information using indexes by limiting which users can gain access to the data that is in particular indexes. When you assign users to roles, you can limit a user's searches to certain indexes ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required