Splunk Lantern

Routing syslog data to custom indexes

 

When routing data from SC4S, you may have existing indexes you need to use for compliance or other reasons.

The splunk_metadata.csv file contains a “key” that is referenced in the log path for each data source. These keys are documented in the individual source files in this section, and they allow you to override Splunk metadata in whole or in part. To achieve custom index routing, update the contents of splunk_metadata.csv in /opt/sc4s/local/context on the host to:

cisco_asa,index,<custom index name>
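The following is an added example, not code from Splunk or the SC4S project: a small helper that applies the override above idempotently, so a source key never ends up with two competing index rows or an index name Splunk would reject. The function names and the sample rows are constructed for illustration, and the three-column key,metadata,value layout is assumed from the line shown above.

```python
import csv
import io
import re

# Splunk index naming rule: lowercase letters, digits, underscores and hyphens,
# not starting with an underscore or hyphen, and not containing "kvstore".
INDEX_RE = re.compile(r"^[a-z0-9][a-z0-9_-]*$")


def valid_index(name):
    return bool(INDEX_RE.match(name)) and "kvstore" not in name


def set_index(csv_text, key, index):
    """Return splunk_metadata.csv text with exactly one `key,index,<index>` row."""
    if not valid_index(index):
        raise ValueError(f"invalid Splunk index name: {index!r}")
    rows, replaced = [], False
    for row in csv.reader(io.StringIO(csv_text)):
        if not any(cell.strip() for cell in row):
            continue  # skip blank lines
        cells = [c.strip() for c in row]
        if len(cells) != 3:
            raise ValueError(f"expected key,metadata,value but got: {row}")
        if cells[0] == key and cells[1] == "index":
            if replaced:
                continue  # collapse duplicate index overrides for this key
            cells[2], replaced = index, True
        rows.append(cells)  # other keys and other metadata fields are kept as-is
    if not replaced:
        rows.append([key, "index", index])
    out = io.StringIO()
    csv.writer(out, lineterminator="\n").writerows(rows)
    return out.getvalue()


# Constructed sample content for /opt/sc4s/local/context/splunk_metadata.csv,
# including a duplicate index override for the same key.
SAMPLE = (
    "cisco_asa,index,netfw\n"
    "cisco_asa,sourcetype,cisco:asa\n"
    "cisco_asa,index,old_fw\n"
)

if __name__ == "__main__":
    # "compliance_fw" is a placeholder for <custom index name>.
    print(set_index(SAMPLE, "cisco_asa", "compliance_fw"), end="")
```

The index named in the override must already exist on the Splunk side; this helper only checks the name's syntax, not that the index is defined.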

Next steps

These additional Splunk resources might help you understand and implement this use case:

Finally, you might be interested in other processes associated with the Understanding best practices for Splunk Connect for Syslog use case.