The Data Pipeline • Room 1
Data Input Types
Splunk can collect data from many sources. File & directory monitoring watches log files for new data. Network inputs listen on TCP/UDP ports for incoming data streams.
Scripted inputs run scripts at intervals and index their output. The HTTP Event Collector (HEC) accepts data over HTTP/HTTPS — ideal for applications and cloud services.
Each input type is configured through inputs.conf or through Splunk Web under Settings > Data Inputs.
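The network, scripted, and HEC inputs described above can be written as inputs.conf stanzas like the following. This is an added example, not part of the original page; the ports, index names, sourcetypes, script path, token name, and address range are constructed for illustration, and the token value is a placeholder.

```ini
# Added example: all names, ports, paths and ranges below are constructed.

# Network input (TCP): listen on a port, accept only the internal range.
[tcp://5514]
disabled = false
connection_host = ip
acceptFrom = 10.0.0.0/8
index = network_logs
sourcetype = syslog

# Network input (UDP): same settings over UDP.
[udp://5514]
disabled = false
connection_host = ip
acceptFrom = 10.0.0.0/8
index = network_logs
sourcetype = syslog

# Scripted input: run the script every 300 seconds and index its output.
[script://$SPLUNK_HOME/etc/apps/example_app/bin/collect_stats.sh]
disabled = false
interval = 300
index = os_logs
sourcetype = example:stats

# HEC global settings: enable the collector and serve it over HTTPS.
[http]
disabled = 0
enableSSL = 1
port = 8088

# HEC token: one stanza per sending application.
[http://example_app_events]
disabled = 0
token = <HEC-token-GUID>
index = web_logs
sourcetype = example:app
```

Giving each HEC sender its own token stanza lets one sender be disabled or rotated without affecting the others, and `acceptFrom` keeps a network input from indexing data sent by arbitrary hosts.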
inputs.conf file monitor
[monitor:///var/log/syslog]
disabled = false
index = os_logs
sourcetype = syslog

Knowledge Check
Prove your understanding to clear the room (Rewards XP)
Complete the inputs.conf stanza to monitor /var/log/apache/access.log:
[_____:///var/log/apache/access.log]
disabled = _____
index = web_logs
sourcetype = _____