As mentioned earlier in this chapter, any configuration you make in the Splunk portal corresponds to a *.conf file written under the $SPLUNK_HOME directory. The same goes for the creation of data inputs; adding data inputs using the Splunk user interface creates a file called inputs.conf.
For this exercise use the windows_perfmon_logs.txt file provided in the Chapter 2/samples.
Now that you have an index to store Windows logs, let's create a data input for it, with the following steps:
- Go to the Splunk home page.
- Click on your Destinations app. Make sure you are in the Destinations app before you execute the next steps, or your configuration changes won't be isolated to your application.
- In the Splunk navigation bar, select Settings.
- Under the Data section, click on Data inputs.
- On the Data inputs page, click on Files & directories.
- In...
