- Splunk Operational Intelligence Cookbook
- Josh Diakun, Paul R Johnson, Derek Mock
- 2025-04-04 16:53:01
Adding a file or directory data input using the CLI
Instead of using the GUI, you can add a file or directory input through the Splunk command-line interface (CLI). Navigate to your $SPLUNK_HOME/bin directory and execute one of the following commands, replacing the file or directory to be monitored with your own.
On Unix, use the following command to add a file or directory input:
./splunk add monitor /var/log/messages -sourcetype linux_messages
On Windows, use the following command to add a file or directory input:
splunk add monitor c:/filelocation/cp01_messages.log -sourcetype linux_messages
Besides -sourcetype, a number of other parameters can be passed along with the file location to monitor.
See the Splunk documentation for more on data inputs using the CLI (https://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesanddirectoriesusingtheCLI).
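A wrapper around the Unix command above, as an added example that is not from the book: it checks the target and sourcetype before calling `splunk add monitor`, then uses `splunk list monitor` to confirm the input was registered. The function name `add_monitor_checked`, the `DRY_RUN` switch, the `/opt/splunk` fallback and the sourcetype allow-list are assumptions of this script.

```shell
#!/bin/sh
# Added example, not from the book: pre-flight checks around `splunk add monitor`.
# add_monitor_checked and DRY_RUN are hypothetical names used by this script only.

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"   # assumed install path if unset

add_monitor_checked() {
    target="$1"; sourcetype="$2"

    # Use an absolute path so the input does not depend on the current directory.
    case "$target" in
        /*) ;;
        *) echo "error: path must be absolute: $target" >&2; return 2 ;;
    esac

    # The file or directory must exist and be readable. Run this as the account
    # that splunkd runs as, otherwise the check says nothing about Splunk's access.
    if [ ! -e "$target" ] || [ ! -r "$target" ]; then
        echo "error: missing or unreadable: $target" >&2; return 3
    fi

    # Conservative allow-list for the sourcetype (an assumption of this script,
    # stricter than Splunk itself) to catch typos and stray shell characters.
    case "$sourcetype" in
        ''|*[!A-Za-z0-9_:-]*) echo "error: bad sourcetype: $sourcetype" >&2; return 4 ;;
    esac

    set -- "$SPLUNK_HOME/bin/splunk" add monitor "$target" -sourcetype "$sourcetype"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"; return 0          # print the command instead of running it
    fi

    "$@" || return 1
    # Confirm the new input shows up in the list of monitored files/directories.
    "$SPLUNK_HOME/bin/splunk" list monitor | grep -F -- "$target" >/dev/null
}
```

Run it with `DRY_RUN=1` first to see the exact command that would be executed.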