Re: How to do a one time file upload through conf ...

deva1995 · ‎04-09-2018

I want to upload a log file from my computer, through conf files. There will be no monitoring just uploading file only for once. So, which conf file i need to add and what stanzas i need to put in those files?

somesoni2 · ‎04-09-2018

What's your use-case? Any specific reason for just one time upload?

deva1995 · ‎04-11-2018

I want to mask some information in the data I have in my pc. So, i wanted to edit transforms.conf, and upload the data through conf files so that data masking can take place at the indexing time.

adonio · ‎04-11-2018

you can create the props and transforms on your indexer and when using oneshot, specify the sourcetype.
that will apply your rules of masking to your data

adonio · ‎04-09-2018

hello there, for one time upload,
run the command splunk add oneshot
see full description here:
https://docs.splunk.com/Documentation/Splunk/7.0.3/Data/MonitorfilesanddirectoriesusingtheCLI
if the data is smaller than 500MB, you can drag and drop in the "add data" page

hope it helps

deva1995 · ‎04-11-2018

this is uploading through CLI, i want to upload the data through conf files.

adonio · ‎04-11-2018

you can create the props and transforms on your indexer and when using oneshot, specify the sourcetype.
that will apply your rules of masking to your data
you can not do one shot through conf files. you can setup the monitor stanza one time and than disable / comment it out

p_gurav · ‎04-09-2018

Is it distributed environment or single instance?

deva1995 · ‎04-11-2018

single instance.

p_gurav · ‎04-11-2018

Then you should try one shot command suggested by @adonio.

How to do a one time file upload through conf files?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?