How do you want to add data?
The fastest way to add data to your Splunk Cloud Platform instance or Splunk Enterprise deployment is to use Splunk Web.
The Add Data page
To add data to the Splunk platform, access the Add Data page in Splunk Web by following these steps:
- Log into Splunk Web, the Home page appears.
- Click Add Data under the Settings tab to access the Add Data page.
The Add Data page does not appear if your search head is part of a search head cluster. See About search head clustering in the Splunk Enterprise Distributed Search manual for more information. - After you access the Add Data page, choose one of three options for getting data into your Splunk platform deployment with Splunk Web:
- Upload
- Monitor
- Forward
Upload
The Upload option lets you upload a file or archive of files for indexing. When you choose Upload option, Splunk Web opens the upload process page. For more details, see Upload data.
Monitor
For Splunk Cloud Platform deployments, you can monitor files and directories with the HTTP Event Collector. For Splunk Enterprise installations, the Monitor option lets you monitor one or more files, directories, network streams, scripts, Event Logs (on Windows hosts only), performance metrics, or any other type of machine data that the Splunk Enterprise instance has access to. When you choose the Monitor option, Splunk Web loads a page that starts the monitoring process. See Monitor data.
Forward
If you have a Splunk Cloud Platform environment, using a forwarder is the most common method for getting data in. The Forward option lets you receive data from forwarders into your Splunk Cloud Platform deployment. When you choose the Forward option, Splunk Web takes you to a page that starts the data collection process from forwarders. See Forward data.
The Forward option requires additional configuration. Use this option only in a single-instance Splunk Cloud Platform environment.
Guided Data Onboarding
The Guided Data Onboarding (GDO) feature also provides end-to-end guidance for getting select data sources into specific Splunk platform deployments.
From the home page in Splunk Web, find the data onboarding guides by clicking Add Data. From there you can select a data source and configuration type. Then view diagrams, high-level steps, and documentation links that help you set up and configure your data source.
You can find all of the Guided Data Onboarding manuals by clicking the Add data tab on the Splunk Enterprise Documentation site.
How handles your data | Upload data |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.2.2406, 8.2.2203, 9.0.2205, 8.2.2112, 8.2.2201, 8.2.2202, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403 (latest FedRAMP release)
Feedback submitted, thanks!