Configuring Splunk Data Inputs
Getting data into Splunk Enterprise is the primary responsibility of a data administrator. There are multiple ways to get data into Splunk, including the standard data inputs, which are popular and used across a range of data sources. In this chapter, we will learn about these data inputs in more detail, including how well each input suits particular data sources, how to create monitoring inputs, and how to adjust their configuration settings.
We’ll cover the following topics in this chapter:
- File and directory monitoring
- Network inputs (TCP/UDP)
- Scripted inputs
- HTTP Event Collector (HEC), also known as agentless data input
- Windows inputs
We explored these data inputs briefly in Chapter 8, Getting Data In. Splunk Enterprise is built for data, it works on data, and it returns data for various business use cases. Data administrators involved in getting data into Splunk must adopt the correct approach, set metadata accurately...