Getting Data In

How to check a directory is being indexed (Monitor a Directory)

Path Finder


I'm trying to get to grips with Splunk to evaluate it for a company I work for. I'm having trouble doing some basic tasks though. I've read quite a bit of the documentation and understand Splunk from a high level. It looks like it should be a beautiful solution.

I want a basic setup to start with. I would like to just index 4 Apache Tomcat access logs (Apache's IIS Logs).

I've installed Splunk on a local machine and created a local folder to drop the files into (we have 4 servers for an application, each creating 1 log per day).

I've set up a data input via the web interface (added a regex expression for the host too).

I see from $SPLUNK_HOME/en-GB/manager/search/data/inputs/monitor the Data Input I added and it says 4 under the Number of files.

But I don't see anything for those 4 files under the Sources, Source types and Hosts when I look here: $SPLUNK_HOME/en-GB/app/search/dashboard_live

So to me, it doesn't look like the files have been indexed for searching? I could do with knowing how you monitor loading (indexing) to see when a file has been parsed, indexed and with what host, source, source type and how the events look for those files?

Another thing I was looking into was the inputs.conf file, in Splunk\etc\system\local, I believe once I set up a data input it should add a monitoring line in here? But it looks a little empty with just several one liners and looks nothing like the file from

0 Karma
1 Solution

New Member

Most useless thread. EVER.

0 Karma

Path Finder

Why don't you post something useful and constructive. Make the thread useful for others...

I now just run searches on indexes being indexed to. Normally a count of all requests per day and just hope Splunk has indexed all the events properly (or as I expect).

0 Karma

Splunk Employee

Use Windows Explorer and search for inputs.conf. I thought Linux, but you are on Windows.

0 Karma

Path Finder

C:\Program Files\Splunk\etc\apps>find . -name "inputs.conf" -print
Access denied - .
File not found - -NAME
File not found - -PRINT

0 Karma

Splunk Employee

In a nutshell, if you are in an app, let's say the search app, and then you go to manager/data inputs, the inputs.conf will be located in $SPLUNK_HOME\etc\apps\search\local. If you are in another app, the inputs.conf will be in another app's local directory. Are you on a Linux box?

Go to $SPLUNK_HOME\etc\apps and search using Windows Explorer for inputs.conf files.

Nothing is ever going to be in the directories that you listed above for your use cases.

0 Karma
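As an added example (not part of the original thread and not Splunk's own tooling), this Python script walks `$SPLUNK_HOME/etc`, finds every `inputs.conf`, and lists the `[monitor://...]` stanzas in each, which shows which app's `local` directory a data input was saved to. The sample tree, the monitored path `C:\logs\tomcat`, the `host_regex` value and the host name are constructed for illustration.

```python
import os
import tempfile

def parse_monitor_stanzas(text):
    """Return {monitored_path: {setting: value}} for each [monitor://...] stanza."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            # Only monitor stanzas are collected; any other stanza resets the context.
            current = stanzas.setdefault(name[len("monitor://"):], {}) if name.startswith("monitor://") else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def find_monitor_inputs(splunk_home):
    """Map each inputs.conf under <splunk_home>/etc to the monitor stanzas it defines."""
    found = {}
    for root, _dirs, files in os.walk(os.path.join(splunk_home, "etc")):
        if "inputs.conf" in files:
            path = os.path.join(root, "inputs.conf")
            with open(path, encoding="utf-8", errors="replace") as fh:
                stanzas = parse_monitor_stanzas(fh.read())
            if stanzas:
                found[os.path.relpath(path, splunk_home)] = stanzas
    return found

def build_sample_home():
    """Constructed sample tree (not a real install) holding two inputs.conf files."""
    home = tempfile.mkdtemp()
    samples = {
        ("etc", "system", "local"): "[default]\nhost = DEMO-PC\n",
        ("etc", "apps", "search", "local"): (
            "[monitor://C:\\logs\\tomcat]\n"
            "host_regex = (app\\d)_access\n"
            "sourcetype = access_common\ndisabled = false\n"),
    }
    for parts, body in samples.items():
        os.makedirs(os.path.join(home, *parts))
        with open(os.path.join(home, *parts, "inputs.conf"), "w", encoding="utf-8") as fh:
            fh.write(body)
    return home

if __name__ == "__main__":
    home = os.environ.get("SPLUNK_HOME") or build_sample_home()
    for conf, stanzas in find_monitor_inputs(home).items():
        print(conf, stanzas)
```

Set `SPLUNK_HOME` before running it against a real install; `splunk btool inputs list --debug` gives Splunk's own merged view, with the file each setting came from.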

Path Finder

I'll read through this and see if I get my answers. Thank you for the reply.

0 Karma