Splunk Dev

how can i use jsp file select to insert log files directly into splunk?

tankhanandita
Explorer

I want to load a user selected file into splunk. As shown on various websites the users gets an option to upload multiple files ..... My UI also needs a form that can be used to load the file selected from user and load it in splunk.

Kindly help me with this

1 Solution

skoelpin
SplunkTrust
SplunkTrust

It's not possible to upload multiple files at a time through the Web UI.. You will either need to do a oneshoot from the command line or you will need to install a forwarder to collect the data and forward it to the indexer

http://docs.splunk.com/Documentation/Splunk/6.2.3/Data/MonitorfilesanddirectoriesusingtheCLI

View solution in original post

0 Karma

tankhanandita
Explorer

How about if i want to upload a single file thru UI but it has to be a user selected file from the fileselect dialog box?

0 Karma

skoelpin
SplunkTrust
SplunkTrust

It's not possible to upload multiple files at a time through the Web UI.. You will either need to do a oneshoot from the command line or you will need to install a forwarder to collect the data and forward it to the indexer

http://docs.splunk.com/Documentation/Splunk/6.2.3/Data/MonitorfilesanddirectoriesusingtheCLI

0 Karma

tankhanandita
Explorer

How can i upload a single file using file select dialog box in jsp thru java SDK?

0 Karma

skoelpin
SplunkTrust
SplunkTrust

Why not just pass a simple command to upload the files rather than hassling with the UI?

Windows

Open PowerShell or CMD as Admin

cd Splunk_Home\bin

.\splunk add oneshot C:\Program Files\AppLog\log.txt

Linux

cd Splunk_home/bin
./splunk add oneshot /var/log/applog

The oneshoot command will tell this that it should not monitor the file and that it should only upload it one time which is when you run the command

0 Karma

skoelpin
SplunkTrust
SplunkTrust

I'm assuming that you want to do a JSP file upload so end users can upload info in Splunk via a dashboard and have that data available.. This is a good idea, but this would limit the amount of data you can upload at once, and a downside would be the end user would have control of setting the sourcetype which will break all your fields since fields are relative to sourcetype..

I would suggest creating a script which can be executed when a user presses a button. This script will run the command I pasted above and have the ability to upload multiple files at once along with maintaining the correct sourcetype

tankhanandita
Explorer

thank you so much for your help....it's working

0 Karma

skoelpin
SplunkTrust
SplunkTrust

Great, glad I could help!

Please accept the answer if this answered your question

Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...