Upload the tutorial data
This tutorial uses a set of data that is designed to show you the features in the product. Using the tutorial data ensures that your search results are consistent with the steps in the tutorial.
Prerequisites
- You must have the tutorial data files on your computer.
- The tutorialdata.zip file must remain compressed to upload the file successfully. Some browsers automatically uncompress ZIP files. See Download the tutorial data files for more information.
- It is helpful to understand the type of data you that are uploading with this tutorial. See What is in the tutorial data?.
Use the Add Data wizard
- If you are not on the Splunk Home page, click the Splunk logo on the Splunk bar to go to Splunk Home.
- Locate the Add Data icon.
- Splunk Cloud
- a. If the Welcome to the Splunk Free Cloud Trial! window is displayed, close the window.
- b. Click Settings > Add Data.
- Splunk Enterprise
- a. In the Explore Splunk Enterprise panel, click Add Data.
- Click Upload. There are other options for adding data, but for this tutorial you will upload the data files.
- Under Select Source, click Select File to browse for the file in your download directory.
- Select the
tutorialdata.zip
file and click Open.Because you specified a compressed file, the steps in the wizard change because the Splunk software recognizes the data source. The Set Source Type step is skipped. When you load data that is not in a compressed file, you will set the data source type.
- Click Next to continue to Input Settings.
- Under Input Settings, you can override the default settings for Host, Source type, and Index.
Because this tutorial uses a ZIP file, you are going to modify the Host setting to assign the host values by using a portion of the path name for the files included in the ZIP file. The setting that you specify depend whether you are installing on Splunk Cloud or Splunk Enterprise, and on the operating system that you are using.
- Splunk Cloud
- a. Select Segment in path.
- b. Type
1
for the segment number.
- Splunk Enterprise for Linux or Mac OS X
- a. Select Segment in path.
- b. Type
1
for the segment number.
- Splunk Enterprise for Windows
- a. Select Regular expression on path.
- b. Type
\\(.*)\/
for the regex to extract the host values from the path.
- Click Review. The following screen appears where you can review your input settings.
- Click Submit to add the data.
- To see the data in the Search app, click Start Searching.
You might see a screen asking if you want to take a tour. You can take the tour or click Skip.
The Search app opens and a search is automatically run on the tutorial data source.
Success! The results confirm that the data in thetutorialdata.zip
file was indexed and that events were created. - Click the Splunk logo to return to Splunk Home.
Next step
You have completed Part 2 of the Search Tutorial.
Now you know how to add data to your Splunk platform. Next, you will begin to learn how to search that data. Continue to Part 3: Using the Splunk Search App.
What is in the tutorial data? | Exploring the Search views |
This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10
Feedback submitted, thanks!