Create usable indexs in Splunk

So for the past couple of hours I spent some time researching the Splunk website, wiki and forums and have not found an "effective" way of creating a splunk index and pointing one of my inputs/apps to it. So, I took on a little experiment to create my own index in my app but I couldn't get it working. The inputs were going into the index but the app couldn't see the data. I needed to give the app permission to use the new index (Duh!!). If you are using an enterprise license of splunk you would be able to assign permission through the "Users" or "Roles" option in the Splunk manager UI. However, if you are using the FREE version of Splunk you will have to perform the steps below [like I did] in order for your app to work correctly with your new index.

A few simple steps:
1.) create a new index through the Splunk web manager (or copy an already made indexes.conf file in the $SPLUNK_HOME/etc/system/default directory to your APP/local directory and modify accordingly)

2.) Once you have a working (soon to be working) indexes.conf file in your APP/local directory move on to the next step.

3.) modify/create your inputs.conf file in your APP/local/inputs.conf file to explicitly state:
index=[your index name]

something like this......
[udp://9999]
index=custom_index
disable = false
sourcetype = custom_source

3.) modify or create an authorize.conf file in your APP/local directory:

[role_user]
srchIndexesDefault = custom_index

4.) Restart splunk!

Answer to the question I posted on http://answers.splunk.com
http://answers.splunk.com/questions/1149/problem-getting-a-new-index-in-splunk-v4-0-x-to-work-properly


Happy Spelunking!!!