To best start onboarding and beginning to work with data in Splunk Cloud Platform, review the following general steps.
- First, decide on the objective you want to achieve using Splunk Cloud Platform. Then identify the data you need in Splunk Cloud Platform to help you complete that objective.
- After you know the data source, find an add-on in Splunkbase to help you get the data into Splunk Cloud Platform (e.g., Splunk Add-on for Microsoft Windows).
- Install the Splunk Cloud credentials package to allow the forwarder to communicate with Splunk Cloud Platform securely.
- Use Splunk Lantern’s security and observability use case libraries to discover new applications for your data.
- If you have any questions regarding data onboarding, check out the Getting Data In section in our community or contact your CSM or CSA.
Next, use the links to below to learn more about the key steps in each of these processes.
Onboarding your data
Forwarding your data
Archiving your data
Indexes store the data sent to your Splunk Cloud Platform deployment. You can create, update, delete, and view index properties, modify data retention settings for individual indexes, delete data from indexes, and optimize search performance by managing the number of indexes and the data sources stored in specific indexes. Storage is based on your subscription type. You can also purchase additional data retention capacity.
- Review Splunk Cloud Platform data policies and storage information for ingest-based subscriptions and for workload pricing subscriptions.
- Create a Splunk Cloud Platform index and manage data retention settings. Review how to manage Splunk Cloud Platform indexes and create a cloud index and set up data retention.
- Learn more about the importance of data retention. Review Splunk Cloud Platform service limits and constraints.
- Learn about DDAA and DDSS storage entitlements. Review the Storage section in the Splunk Cloud Platform service description.