Monitoring Splunk

How do I monitor a file through REST api

wava11
Engager

Hi,

I'm new to splunk and will be working with its REST api.
So far I've been adding files to be monitored using splunk's UI, but now i need to do so using its REST api.
Is it possible ?
If so how can it be done ?

Tags (1)

VatsalJagani
SplunkTrust
SplunkTrust

Hi @wava11,
There are two ways to do this. I prefer first because if you are beginner with RestApi and Splunk it will help you a lot to understand configuration file in general.

1st.
I hope you understand configuration files in splunk. There is a configuration file for storing input - inputs.conf. Adding stanza in it will add file to monitor. Learn how to write stanza in inputs.conf file http://docs.splunk.com/Documentation/Splunk/7.0.2/Admin/Inputsconf. Now there is a way in RestApi via which you can edit any configuration file in splunk - https://docs.splunk.com/Documentation/Splunk/7.0.2/RESTTUT/RESTconfigurations. Now you know the stanza add it via RestApi.

Restart the splunk and you are done.
(You can also restart Splunk with RestApi - https://[Host]:[Port]/services/server/control/restart)

2nd.
http://docs.splunk.com/Documentation/Splunk/7.0.2/RESTREF/RESTinput

Thanks,
@vatsaljagani

Get Updates on the Splunk Community!

What’s New in Splunk Observability Cloud – June 2025

What’s New in Splunk Observability Cloud – June 2025 We are excited to announce the latest enhancements to ...

Almost Too Eventful Assurance: Part 2

Work While You SleepBefore you can rely on any autonomous remediation measures, you need to close the loop ...

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

 Stay ahead of today’s evolving threats with the combined power of the Splunk Threat Research Team (STRT) and ...