Splunk Cloud Platform™

Splunk Cloud Platform Admin Manual 8.2.2203


Forward data from files and directories to Splunk Cloud Platform
Generated: 7/08/2022 9:24 am

Copyright (c) 2022 Splunk Inc. All Rights Reserved


Forward data from files and directories to Splunk Cloud Platform
This topic tells you how to configure and run the universal forwarder to forward the data from local files and directories. It
also provides command examples for common scenarios.

See also

For more information about getting data from files and directories using Splunk Cloud Platform, see the topics in the Get data from files and directories chapter in the Splunk Cloud Platform Getting Data In manual.

For details about other options for forwarding data, see the Splunk Universal Forwarder Manual.

Start and restart the universal forwarder

To start the universal forwarder, go to the $SPLUNK_HOME/bin/ directory and run the splunk start command. After
changing settings for a forwarder, you must restart the forwarder by issuing the splunk restart command. To verify that
the desired data is being forwarded to Splunk Cloud Platform, use the Splunk Web Search app.

Configure the universal forwarder to forward data

To configure forwarding, use the commands and parameters listed in the following tables.

Commands

To configure forwarding of data in files, use the commands in this table.

Command: add monitor
Command syntax: add monitor <source> [-parameter value] ...
Description: Start monitoring the specified input. The forwarder watches for changes to the specified source and forwards data to your Splunk Cloud Platform deployment until you remove the source. For example, to continuously monitor the files in the /var/log/ directory:
    splunk add monitor /var/log/

Command: edit monitor
Command syntax: edit monitor <source> [-parameter value] ...
Description: Edit a data input that Splunk Cloud Platform is monitoring. For example, to move a log file from the default location to C:\windows\system32\LogFiles\W3SVC, run the following command:
    splunk edit monitor C:\windows\system32\LogFiles\W3SVC

Command: remove monitor
Command syntax: remove monitor <source>
Description: Stop monitoring the specified input. For example, to stop monitoring of the Windows log file that contains all automatic update activity, run the following command:
    splunk remove monitor C:\Windows\windowsupdate.log

Command: list monitor
Command syntax: list monitor
Description: Displays a list of all configured data inputs.

Command: add oneshot or spool
Command syntax: add oneshot <source> [-parameter value] ...
    or: spool <source> [-parameter value] ...
Description: Use this command to forward the contents of the specified data source once. For example, the following commands perform a one-time forwarding of the contents of the /var/log/applog directory.
    splunk add oneshot /var/log/applog
    or:
    splunk spool /var/log/applog

Parameters

You can use the parameters in the following table with data input commands.

Parameter: <source>
Required: Yes
Description: Specify the path to the file or directory that contains the data you want to monitor or upload. The syntax for this parameter is the value. It is not preceded with the -source parameter flag. For example, enter "<source>", not "-source <source>".

Parameter: sourcetype
Required: No
Description: Specify a single source type for the data "<source>". The source type determines how events are formatted and is a default field that is included in all events.

Parameter: hostname or host
Required: No
Description: Specify a single host or host name for the data "<source>". This default field is included in all events.

Common command examples

This section provides command examples for monitoring files and logs and uploading a file.

Description: Monitor the files in the /var/log/ directory (Unix)
Command: splunk add monitor /var/log/

Description: Monitor C:\Windows\windowsupdate.log
Command: splunk add monitor C:\Windows\windowsupdate.log

Description: Monitor the default location for Windows IIS logging
Command: splunk add monitor C:\windows\system32\LogFiles\W3SVC

Description: Monitor a set of log files in a directory, specifying metadata to be used by the Splunk indexers
Command: splunk add monitor /tmp/foo/*.log -index se_test -sourcetype insurgency -host vm_host01

Description: One-time upload of a file
Command: splunk add oneshot /var/log/applog
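
The parameter rules and the restart step described above, as an added example that is not part of the Splunk manual: a dry-run shell planner that turns a manifest of inputs into splunk add monitor commands, with the source first and unflagged and the path quoted so a wildcard is not expanded by the shell. The manifest format, the function names and the character check on metadata values are assumptions of this example.

```shell
#!/bin/sh
# Added example: dry-run planner for forwarder file inputs. It prints the
# commands it would run and never calls the splunk binary.

# Single-quote a path so a wildcard such as *.log reaches the forwarder
# literally instead of being expanded by the shell first.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print one `splunk add monitor` command. <source> goes first with no flag;
# index, sourcetype and host are optional -parameter value pairs.
monitor_cmd() {
    src=$1; index=$2; sourcetype=$3; host=$4
    case $src in
        ''|-*) echo "rejected: <source> must be a path, got '$src'" >&2; return 1 ;;
    esac
    # Assumption of this example: metadata values use a conservative charset.
    for v in "$index" "$sourcetype" "$host"; do
        case $v in
            *[!A-Za-z0-9_.:-]*) echo "rejected: unsafe value '$v'" >&2; return 1 ;;
        esac
    done
    cmd="splunk add monitor $(shell_quote "$src")"
    if [ -n "$index" ]; then cmd="$cmd -index $index"; fi
    if [ -n "$sourcetype" ]; then cmd="$cmd -sourcetype $sourcetype"; fi
    if [ -n "$host" ]; then cmd="$cmd -host $host"; fi
    printf '%s\n' "$cmd"
}

# Read "source|index|sourcetype|host" lines from stdin and print the plan.
plan_inputs() {
    planned=0
    while IFS='|' read -r src index sourcetype host; do
        case $src in ''|'#'*) continue ;; esac
        monitor_cmd "$src" "$index" "$sourcetype" "$host" || return 1
        planned=$((planned + 1))
    done
    # The page requires a restart after changing forwarder settings.
    if [ "$planned" -gt 0 ]; then echo "splunk restart"; fi
}

# Constructed sample manifest; the second row repeats the page's own example.
sample_manifest() {
    cat <<'EOF'
# source|index|sourcetype|host
/var/log/|||
/tmp/foo/*.log|se_test|insurgency|vm_host01
EOF
}

sample_manifest | plan_inputs
```

Review the printed plan, then run the commands from the $SPLUNK_HOME/bin/ directory and confirm the result with splunk list monitor.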
