Splunk® Enterprise

Getting Data In

Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Monitor data

If you want to monitor files and network ports on your instance, navigate to the Monitor page in Splunk Web:

  1. From the Splunk Web system bar, click Settings.
  2. Choose the Add Data page.
  3. Click the Monitor page.

The Monitor page

From the Monitor page, choose the type of data that you want to monitor. Default inputs appear first, followed by forwarded inputs, then any modular inputs that are on the instance.

The Monitor page shows only the types of data sources that you can monitor, which depends on the type of Splunk deployment you have. If you're running Splunk Enterprise, the page also shows you the platform that the instance runs on. See Types of data sources for more information on what can monitor.

Add a data input

Some data sources are available only on certain operating systems. For example, Windows data sources are available only on machines that run Windows. Splunk Cloud Platform cannot monitor Windows inputs directly because it doesn't run on Windows, but you can forward data from a universal forwarder that runs Windows to Splunk Cloud Platform.

  1. Select a source by clicking it once. The page updates based on the source you selected.
  2. Follow the on-screen prompts to complete the selection of the source object that you want to monitor.
  3. Click Next to proceed to the next step in the Add data process.

If you experience problems with these steps, the logged-in Splunk user account might not have permissions to add data or see the data source that you want to add.

Next step

Assign the correct source type to your data

Last modified on 27 October, 2021
Upload data   Forward data

This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters