You can also use parentheses to partition different searches to certain indexes.
Partition different searches using parentheses But, you can't use a wildcard to match both types of indexes at the same time. You can use a wildcard to to match all of the non-internal indexes or all of the internal indexes. To match internal indexes using a wildcard, use _* in your search, like this: For example, if you want to search both "mail" and "main" indexes, search for: You can use a wildcard ( * ) to specify groups of indexes. Specify groups of indexes using wildcards In this case, the field name is index and the field value is the name of a particular index: You can specify different indexes to search in the same way that you specify field names and values. Control the indexes that particular role has access to, as well as the default search indexes. Click the role that the User has been assigned to.Ĥ. For more information about setting up users and roles, see "About users and roles" in Securing Splunk Enterprise.įor more information about managing your indexes and setting up multiple indexes, see the "About managing indexes" in the Managing Indexers and Clusters manual.Ģ. The user can then specify a subset of these indexes, either an individual index or multiple indexes, to search. For example the user might be able to only search main or all public indexes. Based on the roles and permissions, the user might have access to one or many indexes. The Splunk administrator can set the default indexes that a user searches. Specify one or multiple indexes to search
Additionally, when you have data split across different indexes, you can search multiple indexes at once, using the index field.
With the Splunk platform, you have always been able to create new indexes and manage where you want to store your data.
0 kommentar(er)
