Monitoring Splunk
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I monitor a file through REST api

wava11
Engager
‎03-17-2018 10:49 AM

Hi,

I'm new to splunk and will be working with its REST api.
So far I've been adding files to be monitored using splunk's UI, but now i need to do so using its REST api.
Is it possible ?
If so how can it be done ?

Tags (1)
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎03-18-2018 04:38 AM

Hi @wava11,
There are two ways to do this. I prefer first because if you are beginner with RestApi and Splunk it will help you a lot to understand configuration file in general.

1st.
I hope you understand configuration files in splunk. There is a configuration file for storing input - inputs.conf. Adding stanza in it will add file to monitor. Learn how to write stanza in inputs.conf file http://docs.splunk.com/Documentation/Splunk/7.0.2/Admin/Inputsconf. Now there is a way in RestApi via which you can edit any configuration file in splunk - https://docs.splunk.com/Documentation/Splunk/7.0.2/RESTTUT/RESTconfigurations. Now you know the stanza add it via RestApi.

Restart the splunk and you are done.
(You can also restart Splunk with RestApi - https://[Host]:[Port]/services/server/control/restart)

2nd.
http://docs.splunk.com/Documentation/Splunk/7.0.2/RESTREF/RESTinput

Thanks,
@vatsaljagani

Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
Top