I configured our Splunk environment to allow for indexes to be set up via the Rest API. As part of this, you can specify which "app" an index should "belong" to.
As an example of what I would like to achieve...
If I created the following indexes:
Index Name App Name
index1 app1
index2 app1
index3 app2
index4 app1
index5 app2
I want to be able to create a drop-down search on a dashboard that is part of app1 which will return a list of indexes that belong to that app. In this case, the drop-down would include; index1, index2 and index4.
Is this possible?
↧