How do I monitor a file through REST api

wava11 · ‎03-17-2018

Hi,

I'm new to splunk and will be working with its REST api.
So far I've been adding files to be monitored using splunk's UI, but now i need to do so using its REST api.
Is it possible ?
If so how can it be done ?

VatsalJagani · ‎03-18-2018

Hi @wava11,
There are two ways to do this. I prefer first because if you are beginner with RestApi and Splunk it will help you a lot to understand configuration file in general.

1st.
I hope you understand configuration files in splunk. There is a configuration file for storing input - inputs.conf. Adding stanza in it will add file to monitor. Learn how to write stanza in inputs.conf file http://docs.splunk.com/Documentation/Splunk/7.0.2/Admin/Inputsconf. Now there is a way in RestApi via which you can edit any configuration file in splunk - https://docs.splunk.com/Documentation/Splunk/7.0.2/RESTTUT/RESTconfigurations. Now you know the stanza add it via RestApi.

Restart the splunk and you are done.
(You can also restart Splunk with RestApi - https://[Host]:[Port]/services/server/control/restart)

2nd.
http://docs.splunk.com/Documentation/Splunk/7.0.2/RESTREF/RESTinput

Thanks,
@vatsaljagani

How do I monitor a file through REST api

What’s New in Splunk Observability Cloud – June 2025

Almost Too Eventful Assurance: Part 2

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

Are you a member of the Splunk Community?

How do I monitor a file through REST api

What’s New in Splunk Observability Cloud – June 2025

Almost Too Eventful Assurance: Part 2

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos