Find more data sources to monitor with crawl
|This feature has been deprecated.|
|This feature has been deprecated as of Splunk Enterprise version 6.0. This means that although it continues to function, it might be removed in a future version. As an alternative, you can search for files and directories to monitor manually.
For a list of all deprecated features, see the topic Deprecated features in the Release Notes.
crawl search command to search your file system or network for new data sources to add to your Splunk Enterprise index.
Change default crawler settings by editing crawl.conf. You can override the crawler defaults at the time that you run
crawl produces a log of crawl activity which it stores in
Change crawler defaults
$SPLUNK_HOME/etc/system/local/crawl.conf to change the default crawler configuration settings. You define the files and network crawlers separately, in their own stanzas.
crawl.conf contains two stanzas:
[network], which define defaults for the files and network crawlers, respectively.
For information on the definable attributes for those stanzas and their default values, read the crawl.conf spec file.
Here is an example
crawl.conf file with settings defined for both the files and network crawlers:
[files] bad_directories_list= bin, sbin, boot, mnt, proc, tmp, temp, home, mail, .thumbnails, cache, old bad_extensions_list= mp3, mpg, jpeg, jpg, m4, mcp, mid bad_file_matches_list= *example*, *makefile, core.* packed_extensions_list= gz, tgz, tar, zip collapse_threshold= 10 days_sizek_pairs_list= 3-0,7-1000, 30-10000 big_dir_filecount= 100 index=main max_badfiles_per_dir=100 [network] host = myserver subnet = 24
Get data from APIs and other remote data interfaces through scripted inputs
Overview of event processing
This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12