Splunk Index

The Splunk app is storing data downloaded via our API into an index.

Changing Index Location

Under certain ciscumstances you might want to change the index location. For example if you want to change your independent subscription or migrate to a new Splunk host.

⚠️ Important: Interfering with Index Locations is a Splunk activity that has nothing to do with the feature and functionality of our Splunk app. We do not provide any support for dependencies and impact of manual index location changes.

You may take the following steps to change the location of a Splunk app.

  1. Copy the data from the current index location to the new index location
Then change the configuration in the VulDB App to associate the index with the new location:

  1. In the Splunk Web UI, go to Settings > Data inputs
  2. Find the VulDB entry and click on it
  3. In the table click the name of the input in the column named Input Name
  4. Click on the checkbox labelled Advanced Settings
  5. On the bottom of the page, you will see a drop down where you can choose the index for the Splunk app
As a final step check the permissions to determine what indexes are used by default in searches for your role in Splunk:

  1. Click on Settings > Users and Authentication > Roles
  2. Select the role of your user account
  3. Click on the tab indexes and ensure that both your old and your new VulDB App index are selected under Default

Aktualizacje: 2024-07-19 przez VulDB Documentation Team

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!

PoprzedniPrzeglądKolejny