Splunk® Enterprise

Getting Data In

Splunk Enterprise version 7.3 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Modify input settings

Prerequisites

After you select the source or set your source type when uploading or monitoring a single file, the Modify input settings page appears in .

You can specify additional parameters for your data input, such as its source type, application context, host value, and the index where data from the input is to be stored.

Configure source type

You can specify the source type to be applied to your data with the Source type setting. This setting appears in these situations:

  • When you specify a directory as a data source.
  • When you specify a network input as a data source.
  • When you specify a data source that has been forwarded from another Splunk instance.

If your data source doesn't meet these criteria, then you won't see the Source type setting.

Specify a source type

To specify a source type, select one of these options:

Option Description
Select Click this button to apply the source type that you specify to the data.
New Click this button to add a new source type.

Choose an existing source type

  1. From the Select Source Type drop-down list, choose the category that best represents the data's source type.
  2. Choose the source type from the list that appears.

Add a new source type

  1. In the Source Type text field, enter the name of the new source type.
  2. Choose a category for the source type in the Source Type Category drop-down list.
  3. In the Source Type Description text field, enter the description for the source type.

Configure host value

tags events with a host. The default host value is the hostname or IP address of the indexer or forwarder that initially ingests the data. However, you can configure how the software determines the host value. Configure a host value by choosing one of these available host values:

Host value Description
IP This value uses the IP address of the host from which the event originates.
DNS This value uses Domain Name Services (DNS). Events are tagged with the host name that Splunk software determines using DNS name resolution.
Custom This value uses the host value you assign in the "Host field value" text field that appears when you select this option.

Store an event in an index

The Index setting determines the index where the events for this input are to be stored.

  1. To use the default index, leave the drop-down list option set to Default. Otherwise, click the drop-down list and select the index you want the data to go to.
  2. (Optional) If the index you want to send the data to isn't in the list and you have permissions to create indexes, you can create a new index by clicking the Create a new index button.
  3. After you make your selections, click Next.
Last modified on 22 February, 2022
Modify event processing   Distribute source type configurations in Splunk Enterprise

This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters