Hi,
We have below configuration:
1. **source**: <Path>/access.log
2. **sourceType**:AccessLogs
3. **Index**: AccessLog
Now, we need to create new sourceType (and also new index) as per requirement and disable old index (shouldn't monitor logs now onwards) . But, old data exists till now, needs to be searched using old sourcetype. How to configure these
Can a index/sourceType exists without any source(to Monitor )
Thanks,
Ramu
↧