Change index & sourcetype

[mamema]

Hi,

i have homemonitor working with the provieded setup config. I have alsp the TA-pfsendse app running,because of other app and CIM requirement. Is it possible to change the index/sourcetype to the index/sourcetype of TA-pfsense, cause both apps ingest the same data and source. So my license usage is doubled and exceeds the daily limit. I've tried to change the index only, that breaks the app. So, can you help me to adapt the files please?

[amiracle]

My plan is to create a macro for the index and transition back to the main index to avoid any complications. For now, you can create a Splunk macro and call it home monitor then update the searches to include the macro for the index.