Create indexes for Splunk Edge Hub OS
Create indexes as part of the setup process for Splunk Edge Hub OS.
Prerequisite
Complete the steps at Prerequisites for Splunk Edge Hub OS in the Splunk Edge Hub OS Setup and Configuration Guide.
Create indexes for Splunk Edge Hub OS
Splunk Edge Hub OS produces metric and event data, so it requires both metric and event indexes. You'll configure these indexes using the Splunk App for Edge Hub in a later step.
The following table lists the Splunk Edge Hub OS data groups, the index type they use, a description of the data groups, and their default index name:
| Data group | Description | Index type | Default index name |
|---|---|---|---|
| Sensors | This is data related to internal sensors, external sensors and sensors configured through integrations, such as Message Queuing Telemetry Transport (MQTT). | Metric | edge_hub_data |
| Anomalies | This data is related to anomalies detected on sensor data collected in Splunk Edge Hub OS by internally deployed AI models. Because anomalies are correlated with sensor metrics, they use the same edge_hub_data index used for sensors. A new index is not required for anomalies in the standard dashboards. | Metric | edge_hub_data |
| Health | This data is related to the device itself in terms of CPU usage, CPU temperature, memory, and storage availability. | Metric | edge_hub_status |
| Logs | All logs generated by the Splunk Edge Hub OS are delivered by this group. | Event | edge_hub_logs |
| SNMP | The SNMP polling feature captures Simple Network management Protocol (SNMP) metrics delivered by this group. To learn more about configuring SNMP, see Collect and organize managed IP device information using the SNMP protocol. | Event | edge_hub_snmp |
| OPC-UA | OPC-UA tags from configured OPC-UA servers are delivered by this group. To learn more about configuring OPC-UA, see Configure Splunk Edge Hub OS to connect to an OPC server. | Event | edge_hub_opcua |
| MODBUS | This group delivers registered addresses from configured Modbus Transmission Control Protocol (TCP) servers. See Configure Splunk Edge Hub OS to communicate with electronic devices using the Modbus protocol. | Event | edge_hub_modbus |
Splunk Cloud Platform
To learn how to create indexes in Splunk Cloud Platform, See Manage Splunk Cloud Platform indexes in the Splunk Cloud Platform Admin Manual.
Splunk Enterprise
For single-instance deployments, create indexes on the single instance.
For distributed deployments, create indexes on the following nodes:
- Indexers to store data
- Heavy forwarder to configure the Splunk Edge Hub OS
- Search head(s) to configure the pre-built dashboards
To learn how to create indexes on Splunk Enterprise, see Create custom indexes in the Splunk Enterprise Managing Indexers and Clusters of Indexers manual.
Next step
Create an event collector token where you've configured the HEC. See Create an HTTP event collector token for Splunk App for Edge Hub.
For an overview of installation and configuration steps, see Installation and configuration overview for Splunk Edge Hub OS in the Splunk Edge Hub OS Setup and Configuration Guide.