3

Onboarding and Normalizing Data

Splunk refers to the process of configuring new data sources as onboarding. Onboarding can be accomplished using the Splunk Graphical User Interface (GUI) (commonly known as Splunk Web) and Splunk Command Line Interface (CLI) commands, as well as by editing configuration files. The term normalizing data refers to the action of ensuring that the data in Splunk meets a Common Information Model (CIM). This is a very important step in using Splunk. In this chapter, we will explore the way data is onboarded and how we can extract fields. First, we will explore the way data is onboarded in the default inputs.conf file in the Splunk Add-on for Microsoft Windows. Then, we will use Splunk Web and configuration files ...

Get Data Analytics Using Splunk 9.x now with the O’Reilly learning platform.