Add data to your indexes
Add data to your indexes
As you read in the "About data and indexes" topic, Splunk can index logs, configuration files, traps and alerts, messages, scripts and code, and performance data from all your applications, servers and network devices. You can add most of these data sources via Splunk Web.
Access the data inputs configuration page
If you have the appropriate permissions, you can view and manage all of the data in your indexes from Splunk Manager's data inputs configuration page. To access this page:
1. Click the Manager link on the upper right hand corner of the screen. This link should always be available, regardless of the app you are currently in.
2. From the list of Splunk system configuration pages, click Data inputs. The data inputs configuration page displays a table listing the type of data and a count of the existing inputs for each type.
To add new data from files and directories, via TCP or UDP, or using a script, click the appropriate Add new link.
For more specifics about data inputs and how to add them, see "What Splunk can index" in the Getting Data In Manual.
Can't find the data you know is in Splunk?
When you add an input to Splunk, that input gets added relative to the app you're in. Some apps write input data to their own specific index (for example, the Splunk App for Unix and Linux uses the 'os' index). If you're not finding data that you're certain is in Splunk, be sure that you're searching the right index.
If you add an input, Splunk adds that input to a copy of inputs.conf that belongs to the app you're in when you add that input. This means that if you navigated to Splunk Manager, directly from the Launcher your input will be added to $SPLUNK_HOME/etc/apps/launcher/local/inputs.conf.
This documentation applies to the following versions of Splunk: 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 View the Article History for its revisions.