Splunk® Enterprise

Admin Manual

Download manual as PDF

Splunk Enterprise version 5.0 reached its End of Life on December 1, 2017. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

About Splunk Manager

To configure Splunk from within Splunk Web, use Splunk Manager. To access Splunk Manager, log into Splunk Web and click Manager in the upper right:

Manager link.jpg

Users with admin privileges can access all the areas of Manager. Other users have limited access to Manager.

The Manager page is divided into a number of areas, described below.

Apps

From the Apps area, you can manage:

  • Apps: Edit permissions for installed apps, create new apps, or browse Splunkbase for apps created by the community.

Knowledge

From the Knowledge area, you can manage:

  • Searches and reports: View, edit, and set permissions on searches and reports. Set up alerts and summary indexing.
  • Event types: View, edit, and set permissions on event types.
  • Tags: Manage tags on field values.
  • Fields: View, edit, and set permissions on field extractions. Define event workflow actions and field aliases. Rename source types.
  • Lookups: Configure lookup tables and lookups.
  • User interface: Create and edit views, dashboards, and navigation menus.
  • Advanced search: Create and edit search macros. Set permissions on search commands.
  • All configurations: See all configurations across all apps.

System

From the System area, you can manage:

  • System settings: Manage system settings including ports, host name, index path, email server settings (for alerts), and system logging.
  • Clustering: Enable components and view status.
  • Licensing: View license usage statistics and apply a new license.
  • Server controls: Restart Splunk.

Data

From the Data area, you can manage:

  • Data inputs: Add data to Splunk from scripts, files, directories, and network ports.
  • Forwarding and receiving: Configure this Splunk instance to send or receive data.
  • Indexes: Create new indexes and manage index size preferences.
  • Report acceleration summaries: Manage saved search summaries.

Deployment

From the Deployment area, you can manage:

  • Distributed search: Set up distributed search across multiple Splunk instances.
  • Deployment: Deploy and manage configuration settings across multiple Splunk instances.

Users and Authentication

From the Users and Authentication area, you can manage:

  • Access controls: Specify authentication method (Splunk or LDAP), create or modify users, and manage roles.
  • Your account: Change full name, email address, default app, timezone, or password.
PREVIOUS
Splunk configuration methods
  NEXT
About configuration files

This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters