Splunk is a software platform for real-time data collection, indexing, and analysis. It lets businesses analyze the large volumes of data produced by their systems, apps, and infrastructure so they can make informed decisions.

Splunk gathers information from numerous sources, including logs, events, metrics, and other sorts of data. It then indexes the data and offers robust search features so users can quickly find the information they need.

How do you search multiple indexes in Splunk? (The same question is often asked along similar lines: search in multiple indexes, how do I search from different indexes, how to include multiple indexes in one search, etc.)
Splunk lets you select multiple indexes in a single search. The snippet below is an example of a multiple-index search.

Select multiple indexes:
index IN ("index1", "index2", "index3", "index4")

Example:
index IN ("index1", "index2", "index3", "index4")
| search log.status="200"
| stats count by "log.status"
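
An added example (not from the original post) that extends the search above to report, per index, how many matching events came back, and to flag any listed index that returned none. The index names are the post's placeholders; the `events` and `coverage` field names are assumptions chosen here.

```spl
index IN ("index1", "index2", "index3", "index4") log.status="200"
| stats count AS events by index
| append
    [| makeresults
     | eval index=split("index1,index2,index3,index4", ",")
     | mvexpand index
     | eval events=0
     | fields index events]
| stats sum(events) AS events by index
| eval coverage=if(events=0, "no matching events", "ok")
| sort index
```

The appended subsearch seeds one zero-count row for every index in the list, so an index that contributed nothing (for example, because its name was mistyped) still shows up in the output instead of silently disappearing.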
