Splunk® Enterprise

User Manual

Download manual as PDF

Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Add data to your indexes

As you read in the "About data and indexes" topic, Splunk can index logs, configuration files, traps and alerts, messages, scripts and code, and performance data from all your applications, servers and network devices. You can add most of these data sources via Splunk Web.

Access the data inputs configuration page

If you have the appropriate permissions, you can view and manage all of the data in your indexes from Splunk Manager's data inputs configuration page. To access this page:

1. Click the Manager link on the upper right hand corner of the screen. This link should always be available, regardless of the app you are currently in.

2. From the list of Splunk system configuration pages, click Data inputs. The data inputs configuration page displays a table listing the type of data and a count of the existing inputs for each type.

To add new data from files and directories, via TCP or UDP, or using a script, click the appropriate Add new link.

For more specifics about data inputs and how to add them, see "What Splunk can index" in the Getting Data In Manual.

Can't find the data you know is in Splunk?

When you add an input to Splunk, that input gets added relative to the app you're in. Some apps write input data to their own specific index (for example, the Splunk App for Unix and Linux uses the 'os' index). If you're not finding data that you're certain is in Splunk, be sure that you're searching the right index.

If you add an input, Splunk adds that input to a copy of inputs.conf that belongs to the app you're in when you add that input. This means that if you navigated to Splunk Manager, directly from the Launcher your input will be added to $SPLUNK_HOME/etc/apps/launcher/local/inputs.conf.

PREVIOUS
About data and indexes
  NEXT
About search

This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters