Splunk Tutorial 06: Getting data into Splunk through monitoring.


In my previous tutorial, Splunk Tutorial 05: How to upload data into Splunk, I demonstrated how to add data into Splunk by uploading a file. Uploading is not the only way to get data into Splunk, however. In this tutorial I will demonstrate how to get data into Splunk through monitoring.


Upload Data vs. Monitor Data vs. Forwarder

As a recap, the following table summarizes the difference between the Upload, Monitor and Forward options for getting data into Splunk:

| Type | Description |
|------|-------------|
| Upload | The Upload option lets you upload a file or archive of files for indexing. When you click Upload, Splunk Web goes to a page that starts the upload process. |
| Monitor | The Monitor option lets you monitor one or more files, directories, network streams, scripts, Event Logs (on Windows hosts only), performance metrics, or any other type of machine data that the Splunk Enterprise instance has access to. When you click Monitor, Splunk Web loads a page that starts the monitoring process. |
| Forward | The Forward option lets you receive data from forwarders into your Splunk deployment. When you click the "Forward" button, Splunk Web takes you to a page that starts the data collection process from forwarders. The Forward option requires additional configuration. Use it only in a single-instance Splunk environment. |


The following steps get data into Splunk by monitoring the XML files in the path below for changes:


“C:\Windows\diagnostics\index”


Splunk will now keep monitoring the path and index new or changed files as they appear.
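The same monitor input expressed as an inputs.conf stanza, added here as an example that is not part of the original tutorial. The index name `windows_diag`, the sourcetype `windows_diagnostics_xml` and the app location are assumptions; the whitelist restricts the input to .xml files, matching what the Splunk Web steps above set up.

```ini
# Added example: inputs.conf equivalent of the Splunk Web "Monitor" workflow.
# Save as $SPLUNK_HOME\etc\apps\<your_app>\local\inputs.conf, then restart
# Splunk or reload inputs. Index and sourcetype names are assumptions.
[monitor://C:\Windows\diagnostics\index]
disabled = false
# Regex whitelist: only files ending in .xml are indexed, everything else
# in the directory is ignored.
whitelist = \.xml$
# Also watch subdirectories under the monitored path.
recursive = true
# Destination index and sourcetype (assumed names; create the index first).
index = windows_diag
sourcetype = windows_diagnostics_xml
# The account the Splunk service runs as needs read access to this path,
# otherwise the input is accepted but no events arrive.
```

After the reload, `splunk list monitor` (run from $SPLUNK_HOME\bin) should list the path, and the search `index=windows_diag sourcetype=windows_diagnostics_xml` should return events once a file in the directory changes.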


To verify the result:

Click Start Search
