Splunk® Enterprise

Getting Data In


Splunk Enterprise version 5.0 reached its End of Life on December 1, 2017. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Files and directories - local

One of Splunk's most versatile capabilities is monitoring files and directories for events. If your system generates it, Splunk can index, search, report and alert on it.

To get data from files and directories into Splunk, point Splunk at a file or directory:

1. From the Home page in Splunk Web, click Add data.

2. Under the To get started... banner, click A file or directory of files.

3. Click Next under Consume any file on this Splunk server.

4. On the Get data from files and directories page, specify the source of the data by clicking on one of the three available choices.

5. In the Full path to your data field, enter the path to the file or directory you want Splunk to monitor.

You can usually leave the other fields blank, including the fields under the More settings option. Look here for detailed information on those fields.

6. Click Save.

7. From the Success page, click Search to start searching. You can enter any term that’s in your data, or you can click on a source, source type or host to see data from the different directories within your syslog directory, the different types of data in those directories, or the different hosts that sent the syslog data in the first place.

For more information on getting data from files and directories, see "Monitor files and directories" in this manual.
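The same kind of input can also be defined in a configuration file rather than through Splunk Web. The stanza below is an added example, not part of the original manual; the path `/var/log`, the `syslog` source type, the `main` index, and the blacklist pattern are assumptions chosen for illustration.

```ini
# $SPLUNK_HOME/etc/system/local/inputs.conf
# Constructed example: monitor every file under /var/log on this Splunk server.

[monitor:///var/log]
disabled = false

# Assumed source type; leave unset to let Splunk assign one automatically.
sourcetype = syslog

# Assumed destination index. Use a dedicated index if access to this
# data should be restricted to specific roles.
index = main

# Regex matched against the full file path. Matching files are skipped,
# here compressed rotations, so they are not indexed a second time.
blacklist = \.(gz|bz2|zip)$
```

Restart Splunk after editing the file so the new input is read. Keep the monitored path as narrow as the use case allows, since everything readable under it is indexed and becomes searchable.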


This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14


Comments

Bump! Seeing the same problem.

Bankofmanhattan
January 13, 2014

Hi,
I am trying to add my data on another server which is mounted on my Splunk server. I am trying to get data out of the whole directory and not any specific file, but when I select that directory the "select" button remains disabled.

Mehal
October 4, 2012
