
Introduction to managing configurations in Splunk Cloud Platform

To help maximize the value your users receive from Splunk Cloud Platform, the friendly Splunk Customer Success team created this quick reference list that highlights how customers can best manage configurations in Splunk Cloud Platform. Splunk Cloud customers do not have the ability to directly edit .conf files, but that doesn't mean they can't extend base capabilities to get more insights into their data.

  • Find an especially important source type and resolve data quality issues to make sure it's set up for success.

  • Review the timestamps in your data. Configure timestamp recognition to make sure Splunk doesn't waste time trying to figure out the right date-time stamp to use.

  • Define and tune event breaks. You almost certainly have some multi-line events. Figuring out what's multi-line can be taxing on the indexers. Set the segmentation for event data to optimize your source types with what you've learned about .conf files.

  • Create a source type using the Source types management page.

  • Watch the Splunk Cloud Tutorial to see how to set up Splunk Cloud and get data in using a Universal Forwarder.

  • Use the field extractor to build search-time field extractions. After you run a search, fields extracted for that search are listed in the fields sidebar. You can create custom field extractions to define which fields are extracted and when Splunk software extracts fields.

  • Leverage the power of lookups. Lookups make it easy to add context and create correlations with your data. For example, you can use a geospatial lookup to turn a series of IP addresses into geographical locations. Learn more about lookups and how they can enhance your search experience.