Allow ability to change a default index

[traytonwhite]

Currently it seems with the splunk_metadata.csv you must iterate over an exhaustive list of vendor_product combinations to switch a default index to something else. It'd be nice to have a way to fully replace a default index with another option.

An example would be how there's a default index of osnix - if one would like to have all the data that would normally go to osnix to instead go to an index called foo, goal of this enhancement request would be to have that as an option via the metadata config files.