Data inputs

As you may have noticed, any configuration you make in the Splunk portal corresponds to a *.conf file written to the disk. The same goes for the creation of data inputs; it creates a file called inputs.conf. Now that you have an index to store your machine's Windows Event Logs, let us go ahead and create a data input for it, with the following steps:

Go to the Splunk home page.
Click on your Destinations app. Make sure you are in the Destinations app before you execute the next steps.
In the Splunk navigation bar, select Settings.
Under the Data section, click on Data inputs.
On the Data inputs page, click on the Local event log collection type as shown in the following screenshot:
In the next page select the Application and System log types. ...

Get Splunk Essentials - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Splunk Essentials - Second Edition by Betsy Page Sigman, Erickson Delgado

Data inputs

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly