Configuring Splunk Data Inputs

Getting data into Splunk Enterprise is the primary responsibility of a data administrator. There are multiple ways to get data into Splunk, including the standard data inputs that are popular and used across a range of data input sources. In this chapter, we will learn about these data inputs in more detail, including the suitability of these inputs with regard to data sources, and how to create monitoring inputs and adjust the configuration settings.

We’ll cover the following topics in this chapter:

  • File and directory monitoring
  • Network inputs (TCP/UDP)
  • Scripted inputs
  • HTTP Event Collector (HEC) aka agentless data input
  • Windows inputs

We explored these data inputs briefly in Chapter 8, Getting Data In. Splunk ...

Get Splunk 9.x Enterprise Certified Admin Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.