I have data coming in from multiple hosts using either syslog or a universal forwarder, going into 3 heavy forwarders, and then forwarding to Splunk Cloud.
I've created 3 indexes - Financial, Infrastructure, and Security - and I would like to separate the data by host name.
So I want data from "financial_server1" to go to the "financial" index, and data from "Firewall_1" to go to the "Security" index.
Can someone give me an example of how this would be done?
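
One way to do the routing asked about above, as an added example that is not part of the original post: an index-time transform on the heavy forwarders that rewrites the destination index per host. The transform stanza names are hypothetical, the index names are assumed to be lowercase (`financial`, `security`), and the host field is assumed to already hold the names from the question when the event is parsed.

```ini
# ---------- props.conf (deploy to each of the 3 heavy forwarders) ----------
# Assumption: the event's host value is already "financial_server1" /
# "Firewall_1" when it reaches the parsing stage on the heavy forwarder.
[host::financial_server1]
TRANSFORMS-route_index = route_to_financial

[host::Firewall_1]
TRANSFORMS-route_index = route_to_security

# Hosts destined for the infrastructure index follow the same pattern:
# one [host::<name>] stanza pointing at a transform whose FORMAT is the
# infrastructure index name.

# ---------- transforms.conf (same app, same heavy forwarders) ----------
# Stanza names below are hypothetical; index names are assumed lowercase.
[route_to_financial]
# Match every event that reaches this transform
REGEX = .
# Overwrite the index the event will be written to
DEST_KEY = _MetaData:Index
FORMAT = financial

[route_to_security]
REGEX = .
DEST_KEY = _MetaData:Index
FORMAT = security
```

The target indexes have to exist in Splunk Cloud before events are routed to them, and the heavy forwarders need a restart to pick up the change. Because access is usually granted per index, confirm afterwards that each host's events land only in the intended index.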