Solved: Re: Which Add Data button should I use to import d...

mpulis8966 · ‎11-29-2016

In our Splunk Enterprise Environment, we have 3 search heads, 7 indexers, and a cluster master.

If we wanted to use the "Add Data" button to import a log file into a clustered index, where should I use the "Add Data" button?

Cluster Master?

Search head?

One of the indexers and it will distribute it to the other indexes?

mpulis8966 · ‎11-30-2016

Looks like the Answer is Any Clustered Indexer UI will import the data into the indexes using the Add Data Button

If you want to import multiple files you can upload the files to one of the indexers , log into that indexers UI and use the monitor folder option for add data

if you want to use your id rather than admin be sure you have the "edit_indexes" role under “capabilities” section.

View solution in original post

mpulis8966 · ‎11-30-2016

Looks like the Answer is Any Clustered Indexer UI will import the data into the indexes using the Add Data Button

If you want to import multiple files you can upload the files to one of the indexers , log into that indexers UI and use the monitor folder option for add data

if you want to use your id rather than admin be sure you have the "edit_indexes" role under “capabilities” section.

mpulis8966 · ‎11-29-2016

Splunk v6.3.2

Which Add Data button should I use to import data into a clustered index?

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?