On Splunk Enterprise and the universal forwarder, you can edit the nf file to configure your inputs. For example, the following command adds /var/log/ as a data input: For more information on the CLI, including how to get command line help, see About the CLI in the Admin Manual. From a shell or command prompt, navigate to the $SPLUNK_HOME/bin/ directory and use the. On Splunk Enterprise and the universal forwarder, you can use the Splunk CLI to configure many inputs. The Splunk Enterprise Add Data page has an additional option for getting data in: You can edit configuration files directly on both indexers and heavy forwarders, and some advanced data input needs might require you to make edits. While this option is not available on Splunk Cloud Platform, you can use a heavy forwarder to send data directly to your Splunk Cloud Platform instance. When you specify your inputs with Splunk Web or the CLI, the details are saved in a configuration file on Splunk Enterprise indexer and heavy forwarder instances. You can also use it on a heavy forwarder to get data into Splunk Cloud Platform. You can use the CLI to configure most types of inputs. This method is available for getting data in to Splunk Enterprise. The Splunk Command Line Interface (CLI). In addition to these methods, you also can use the following methods. With Splunk Enterprise, you can add data using Splunk Web or Splunk apps. See these topics for more information: For more help on how to add data in Splunk Web, see How do you want to add data? Add your data to Splunk Enterprise Click an icon to go to a page to define the data you want to upload, monitor, or forward. You can choose different options to get data in on the Add Data page. Select Settings > Data inputs from the Data section of the Settings drop-down list. From the Splunk Web home page, click Add Data. You can add data inputs from the Splunk Web home page or by selecting Settings > Data Inputs.
You can download apps to handle specific types of application data. Splunk apps and add-ons extend the capability and simplify the process of getting data into your Splunk Cloud Platform deployment. There are additional ways to get data in for Splunk Enterprise. See Use forwarders to get data in to Splunk Enterprise. Depending on the operating system, you can specify some of the inputs at forwarder installation time. For non-Splunk Cloud Platform installations, you can use these forwarders to send data to a central indexer. If your data is remote, you can configure forwarders to send data from outlying machines to your Splunk Cloud Platform instance. See Assign the correct source types to your data. In addition, when you upload a file, you can preview and make adjustments to how Splunk Cloud Platform must index the file. You can access the Add Data page from the Splunk Web home page. You can configure some inputs using Splunk Web. For more information, see Use apps to get data in. You can use a variety of apps that offer preconfigured inputs, views, and knowledge objects for various use cases. You can configure data inputs using the following methods: To add a new type of data to your Splunk platform instance, configure a data input. See What is Splunk knowledge? in the Knowledge Manager Manual. What do I want to do with the indexed data? See Use forwarders to get data in to Splunk Cloud. If you have a Splunk Cloud Platform instance, you might have to. See Is my data local or remote? Do I need to use forwarders to access remote data? For a Splunk Enterprise instance, data can be local or remote. See Use apps to get data in. For a Splunk Cloud Platform instance, data is always remote, which means that you have to use a universal forwarder or HEC to get the data indexed into Splunk Cloud Platform. Use apps if they exist for the type of data you want to get in.
If there is an app for the type of data you want to get in, you can save yourself considerable time in configuring and tweaking inputs on universal forwarders. Splunk and many third-party developers provide apps that facilitate and improve data ingestion. On the other hand, if you want to ingest Windows data, you might want to use an app to help you get the data in. For example, if you want to get data in from a proprietary application, you might want to use the HTTP Event Collector (HEC). The type of data you want to index affects how you get data in. The best way depends on the location and volume of data, your infrastructure and security needs, and what you intend to do with that data. Answer the following questions to help you determine the best way to get data into your Splunk platform instance. You can get data into your Splunk platform instance in a number of ways.