Splunk® Enterprise

Getting Data In

Splunk Enterprise version 9.0 will no longer be supported as of June 14, 2024. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

How do you want to add data?

The fastest way to add data to your Splunk Cloud Platform instance or Splunk Enterprise deployment is to use Splunk Web.

The Add Data page

To add data to the Splunk platform, access the Add Data page in Splunk Web by following these steps:

  1. Log into Splunk Web, the Home page appears.
  2. Click Add Data under the Settings tab to access the Add Data page.
    The Add Data page does not appear if your search head is part of a search head cluster. See About search head clustering in the Splunk Enterprise Distributed Search manual for more information.
  3. After you access the Add Data page, choose one of three options for getting data into your Splunk platform deployment with Splunk Web:
    • Upload
    • Monitor
    • Forward

Upload

The Upload option lets you upload a file or archive of files for indexing. When you choose Upload option, Splunk Web opens the upload process page. For more details, see Upload data.

Monitor

For Splunk Cloud Platform deployments, you can monitor files and directories with the HTTP Event Collector. For Splunk Enterprise installations, the Monitor option lets you monitor one or more files, directories, network streams, scripts, Event Logs (on Windows hosts only), performance metrics, or any other type of machine data that the Splunk Enterprise instance has access to. When you choose the Monitor option, Splunk Web loads a page that starts the monitoring process. See Monitor data.

Forward

If you have a Splunk Cloud Platform environment, using a forwarder is the most common method for getting data in. The Forward option lets you receive data from forwarders into your Splunk Cloud Platform deployment. When you choose the Forward option, Splunk Web takes you to a page that starts the data collection process from forwarders. See Forward data.

The Forward option requires additional configuration. Use this option only in a single-instance Splunk Cloud Platform environment.

Guided Data Onboarding

The Guided Data Onboarding (GDO) feature also provides end-to-end guidance for getting select data sources into specific Splunk platform deployments.

From the home page in Splunk Web, find the data onboarding guides by clicking Add Data. From there you can select a data source and configuration type. Then view diagrams, high-level steps, and documentation links that help you set up and configure your data source.

You can find all of the Guided Data Onboarding manuals by clicking the Add data tab on the Splunk Enterprise Documentation site.

Last modified on 31 January, 2023
How handles your data   Upload data

This documentation applies to the following versions of Splunk® Enterprise: 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters