Splunk Cloud

Splunk Cloud User Manual

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Splunk Cloud Quick Start

If you are new to Splunk Cloud and want to get started quickly, the following steps tell you how to get some data into your Splunk Cloud deployment and search it.

What you need

  • Your Splunk Cloud URL, Splunk username, and password. When you bought Splunk Cloud, you received an email containing this information to enable you to log in to your Splunk Cloud deployment.
  • A standard type of log file that resides on your computer to use as sample data for this exercise, like a /var/log/messages file on a Unix machine, or a text file in C:\Windows\System32\LogFiles on a Windows computer.

Step 1. Log into Splunk Cloud

  1. Open your web browser.
  2. Navigate to your Splunk Cloud URL. (Examples: https://mycompany.splunkcloud.com or https://prd-p-njqblk23gjdh.cloud.splunk.com)
  3. Log in using the credentials supplied by Splunk Sales or Support.

You are now viewing Splunk Web, the browser-based GUI where you work with your Splunk Cloud deployment.

Step 2. Upload a file

In Splunk Web, perform the following steps:

  1. To create a test index where you can store test data, choose Settings > Indexes.
  2. On the Indexes page, click New Indexes and assign the index a name. To minimize resource consumption, specify a small size and retention period.
  3. Select Settings from the menu bar and click Add Data.
    This screen image shows the open Settings menu with the Add Data icon highlighted on the left side.
  4. On the Add Data page, click Upload.
  5. Click the Select File button, browse to a log file on your computer, and click Choose. The file is uploaded.
  6. Click the Next button.
  7. On the Set Source Type screen, choose the correct source type for the file you uploaded, or, if none is appropriate, specify a name for the new source type and click Next.
  8. On the Input Settings page, choose your test index.
  9. Click Review and verify your settings.
  10. Click Submit.

After your data is uploaded, Splunk Web displays a "Success" message. Your data is now ready for you to search.

Step 3. Search your data

From the "Success" screen, click the Start searching button. Splunk Web displays the data from the log file that you just uploaded, parsed into time-stamped events. If you do not see search results, verify that the time range displayed to the right of the search bar corresponds to the time range of the events in the file that you uploaded.

This screen image shows the search bar with the time range picker highlighted.

Step 4. Forward data

To feed data continually to your Splunk Cloud deployment, you install and configure the Splunk universal forwarder on the machine where the data resides. For details about installing and configuring forwarders, refer to the platform-specific documentation below:

As with the data you uploaded, you can isolate your test data from any production data by forwarding it to a test index.

Next steps

Last modified on 30 November, 2020
Getting started with Splunk Cloud
Overview of getting data into Splunk Cloud

This documentation applies to the following versions of Splunk Cloud: 8.0.2006, 8.0.2007, 8.1.2008, 8.1.2009, 8.1.2011, 8.1.2012 (latest FedRAMP release), 8.1.2101, 8.1.2103, 8.2.2104

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters