Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to upload multiple files in Splunk? Is it possible to upload multiple files like 100 1MB files in Splunk at the same time?

swati_sharma
New Member
‎07-06-2015 04:16 AM

How to upload multiple files in the Splunk?

Tags (3)
0 Karma
Reply

supunsap
New Member
‎01-08-2018 02:00 AM

If you want to upload multiple files in Splunk, you can zip file and browse it

0 Karma
Reply

jeffland
SplunkTrust
SplunkTrust
‎07-06-2015 05:10 AM

Do you want to upload them from the Web UI? I don't think that would work with the wizard there.

However, if you can, simply move your files to the instance running splunk and add a file monitor to those files, indexing them only once (not continuously).

0 Karma
Reply

swati_sharma
New Member
‎07-07-2015 11:57 PM

Is there no way to upload the directory to the splunk likewise we uploaded files?

0 Karma
Reply

csnidsplunk
Explorer
‎09-03-2015 07:53 AM

Why dont you put them all in a zip. Keep under 500 MB and u have your one file. 😉 Worked for me.

Reply

swati_sharma
New Member
‎07-07-2015 11:47 PM

yes, through Web UI, If I am not wrong, you want to say that we can't upload directory having 1MB*100files to the splunk.
Is there any other way by which we can upload the directory to the splunk.?

0 Karma
Reply

jeffland
SplunkTrust
SplunkTrust
‎07-08-2015 02:54 AM

Why don't you try either the oneshot from the cli, or if you like to work with the ui setting a monitor to that directory, indexing once? That does exactly what you need.

How else would you "upload" a directory? The "Add Data" wizard handles individual files, I don't see how you would apply it to more than one file.

0 Karma
Reply

swati_sharma
New Member
‎07-06-2015 04:17 AM

Please reply as soon as possible. whatever it would be.

0 Karma
Reply

bmacias84
Champion
‎07-06-2015 02:32 PM

I would use oneshot from the cli. The web interface doesn't support multiple files. Just run oneshot from any forwarder configured to send to your indexer.

http://docs.splunk.com/Documentation/Splunk/6.2.3/Data/MonitorfilesanddirectoriesusingtheCLI

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...