from the search view (flashtimeline) you can search with index=_internal and search for some of yours files as search arguments (probably using wildcards to make things easier)

Have you made certain that Splunk has permission to read the files? i.e. The files either have global level read permissions, or the user running splunk is in a group that has permissions to read the file?

You should typically edit inputs.conf files in the local directory (e.g. $SPLUNK_HOME/etc/apps/search/local/inputs.conf), as the default folder is usually used for global defaults (i.e. if an app is posted on SB, it will have configs in default, allowing local users to customise local configs.)

Also could state if i specify data from splunkweb then those details appear in /local/inputs.conf or /default/inputs.conf?. Because i dont see any details when i added data input from splunkweb in inputs.conf in either location.

HI MHibbin,

I tried above approach but no luck. when i try with splunk web by selecting skip preview -> continuously index data...splunk can access -> full path (/proj_data/)-> save.
It does adds data input with equal number of files on data inputs. But i dont see any data getting indexed ? 😞

I also tried same with changing inputs.conf at /local/inputs.conf but same thing happens and no data getting indexed.

How can i verify that data is getting index.

My files are .csv files in /proj_data folder.