Splunk® Enterprise

Getting Data In

Download manual as PDF

Download topic as PDF

How do you want to add data?

The fastest way to add data to your Splunk Enterprise deployment is to use Splunk Web.

The Add Data page

After you log into your Splunk deployment, the Home page appears.

62 Home.png

To add data, click the Add Data button (to the right of the list of apps.) The Add Data page appears. (If your Splunk deployment is a self-service Splunk Cloud deployment, choose Settings and click Add Data.)

There are some conditions where the Add Data page does not appear:


62 AddData.png

There are three options for getting data into your Splunk deployment with Splunk Web: Upload, Monitor, and Forward.

Upload

The Upload option lets you upload a file or archive of files for indexing. When you click Upload, Splunk Web goes to a page that starts the upload process. See Upload data.

Monitor

The Monitor option lets you monitor one or more files, directories, network streams, scripts, Event Logs (on Windows hosts only), performance metrics, or any other type of machine data that the Splunk Enterprise instance has access to. When you click Monitor, Splunk Web loads a page that starts the monitoring process. See Monitor data.

Forward

The Forward option lets you receive data from forwarders into your Splunk deployment. When you click on the "Forward" button, Splunk Web takes you to a page that starts the data collection process from forwarders. See Forward data.

The Forward option requires additional configuration. Use it only in a single-instance Splunk environment.

PREVIOUS
How Splunk Enterprise handles your data
  NEXT
Upload data

This documentation applies to the following versions of Splunk® Enterprise: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 7.0.0


Comments

Hi Woodcock,

It's still there. It's in the topic about monitoring files from the CLI. http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesanddirectoriesusingtheCLI

Malmoore, Splunker
September 6, 2017

What happened to the CLI option using "oneshot"? It used to be here and now it is gone!

Woodcock
September 4, 2017

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters