Configure inputs via Splunk Web

This documentation does not apply to the most recent version of Splunk.

This documentation applies to the following versions of Splunk: 3.2, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6

Follow these instructions to configure data inputs via Splunk Web. You can also configure data inputs via Splunk's CLI or a configuration file.


Configuration

  • Click Admin in the upper right-hand corner of Splunk Web.
  • Then click the Data Inputs tab. Pick from the following input categories:
    • All - Display and access all of the following data input categories:
      • Files & Directories - Display and access the configuration of each path being read by Splunk.
      • FIFO Queues - Display and access the configuration of each FIFO being processed by Splunk.
      • Network Ports - Display and access the configuration for UDP and TCP ports.
  • Click the Add Inputs link next to a category to configure new inputs. Pick from the following options:

Files and directories

  • Under the Source heading, pick a Data Access method:
    • Spool: Copy a file on the server into Splunk via the sinkhole directory.
    • Tail: Continuously monitor a file or directory for new input to index.
    • Upload: Upload a file from your local machine into Splunk.
    • Watch and copy: Copy files from a directory into Splunk.
    • Watch and symlink: Same as watch and copy, but creates a symlink instead of copying the files.
  • Then, specify the pathname to the file or directory. If you select the Upload method, you are presented with a Browse... button.
  • Under the Host heading, select the host name. You have several choices if you are using Tail or Watch methods. Learn more about setting host value.
  • Now set the Source Type. Source type is a default field added to events. Source type is used to determine processing characteristics such as timestamps and event boundaries. Learn more about setting source type.
  • After specifying the source, host, and source type, click the Add button.

FIFO queues

  • Under the Source heading, type in the path to the FIFO.
  • Under the Host heading, accept the default host name or enter a new hostname/IP address.
  • Under the Source Type heading choose:
    • From List: Select one of the pre-defined source types from the drop-down list.
    • Manual: Label your own source type in the text box.
  • Click the Add button.

Network ports

With a Splunk Enterprise license, you can define input from any TCP or UDP port.


  • Under the Source heading, select the Protocol: UDP or TCP.
  • Accept the default port, 9998, or enter another port number.
  • Specify whether this port should accept connections from all hosts or one host.
    • If you specify one host, enter the IP address of the host.
  • Under the Source Type heading choose:
    • From List: Select one of the pre-defined source types from the drop-down list.
    • Manual: Label your own source type in the text box.
  • Click the Add button.

Revision: 207 | Community content licensed under Creative Commons