Splunk Cloud Quick Start
If you are new to Splunk Cloud and want to get started quickly, the following steps tell you how to get some data into your Splunk Cloud deployment and search it.
What you need
- Your Splunk Cloud URL, Splunk username, and password. When you bought Splunk Cloud, you received an email containing this information to enable you to log in to your Splunk Cloud deployment.
- A standard type of log file that resides on your computer to use as sample data for this exercise, like a /var/log/messages file on a Unix machine, or a text file in C:\Windows\System32\LogFiles on a Windows computer.
Step 1. Log in to Splunk Cloud
- Open your web browser.
- Navigate to your Splunk Cloud URL. (Examples:
- Log in using the credentials supplied by Splunk Sales or Support.
You are now viewing Splunk Web, the browser-based GUI where you work with your Splunk Cloud deployment.
Step 2. Upload a file
In Splunk Web, perform the following steps:
- To create a test index where you can store test data, choose Settings > Indexes.
- On the Indexes page, click New Indexes and assign the index a name. To minimize resource consumption, specify a small size and retention period.
- Select Settings from the menu bar and click Add Data.
- On the Add Data page, click Upload.
- Click the Select File button, browse to a log file on your computer, and click Choose. The file is uploaded.
- Click the Next button.
- On the Set Source Type screen, choose the correct source type for the file you uploaded, or, if none is appropriate, specify a name for the new source type and click Next.
- On the Input Settings page, choose your test index.
- Click Review and verify your settings.
- Click Submit.
After your data is uploaded, Splunk Web displays a "Success" message. Your data is now ready for you to search.
Step 3. Search your data
From the "Success" screen, click the Start searching button. Splunk Web displays the data from the log file that you just uploaded, parsed into time-stamped events. If you do not see search results, verify that the time range displayed to the right of the search bar corresponds to the time range of the events in the file that you uploaded.
Step 4. Forward data
To feed data continually to your Splunk Cloud deployment, you install and configure the Splunk universal forwarder on the machine where the data resides. For details about installing and configuring forwarders, refer to the platform-specific documentation below:
- Get Windows Data into Splunk Cloud
- Get *nix data into Splunk Cloud
- Forward data from files and directories to Splunk Cloud
As with the data you uploaded, you can isolate your test data from any production data by forwarding it to a test index.
- Send data directly to your Splunk Cloud deployment using the HTTP protocol. For details, see Set up and use HTTP Event Collector.
- Create users and administer their access to your Splunk Cloud deployment. For details, see Manage Splunk Cloud users.
This documentation applies to the following versions of Splunk Cloud™: 8.0.2006, 8.0.2007, 8.1.2008, 8.1.2009, 8.1.2011, 8.1.2012 (latest FedRAMP release), 8.1.2101, 8.1.2103, 8.2.2104