Splunk | Create your index

Create an index for storing your events in Splunk. For more information on the Perfecto Splunk project, see the article Splunk | Perfecto-Splunk data schema.

An Index is the repository for all the events you submit to Splunk. As part of the Splunk configuration, you need create a separate index to use for your purposes.

Important: This document includes references to a third-party product, Splunk. The user interface and usage of third-party products are subject to change without notice. For the latest published information about Splunk, see https://docs.splunk.com/Documentation.

Create your Splunk index

  1. Select Settings and then Indexes.

  2. Select the new index.

  3. Enter an Index Name and select Search & Reporting from the App section; then click Save.

  4. You may need to ensure the index is enabled before proceeding

Add the index to user roles

  1. Before you can see the data added to the index, make sure your user has access to the index.

  2. Select Settings and then Access Controls.

  3. Select Roles.

  4. Select the role you want to modify.

  5. Scroll to indexes searched by default and the indexes section at the bottom of the page. From here, add your newly created index to the selected indexes section, and then click Save.