https://community.splunk.com/t5/Splunk-Cloud-Platform/Best-Practices-for-Streaming-Logs-from-Splunk-Cloud-to-External/m-p/704561#M3364 <P>Hi Splunk Community,</P><P>I need advice on the best approach for streaming logs from <STRONG>Splunk Cloud</STRONG>&nbsp;<STRONG>Platform</STRONG> to an external platform. The logs are already being ingested into Splunk Cloud from various applications used by my client's organization. Now, the requirement is to forward or stream these logs to an external system for additional processing and analytics.</P><P>#Splunk cloud</P><P>Thank you&nbsp;</P><P>Nav</P> Sat, 16 Nov 2024 22:12:26 GMT NavS 2024-11-16T22:12:26Z https://community.splunk.com/t5/Splunk-Cloud-Platform/Best-Practices-for-Streaming-Logs-from-Splunk-Cloud-to-External/m-p/704561#M3364 <P>Hi Splunk Community,</P><P>I need advice on the best approach for streaming logs from <STRONG>Splunk Cloud</STRONG>&nbsp;<STRONG>Platform</STRONG> to an external platform. The logs are already being ingested into Splunk Cloud from various applications used by my client's organization. Now, the requirement is to forward or stream these logs to an external system for additional processing and analytics.</P><P>#Splunk cloud</P><P>Thank you&nbsp;</P><P>Nav</P> Sat, 16 Nov 2024 22:12:26 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/Best-Practices-for-Streaming-Logs-from-Splunk-Cloud-to-External/m-p/704561#M3364 NavS 2024-11-16T22:12:26Z https://community.splunk.com/t5/Splunk-Cloud-Platform/Best-Practices-for-Streaming-Logs-from-Splunk-Cloud-to-External/m-p/704563#M3365 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/274107">@NavS</a>,</P><P>Refer to&nbsp;<A href="https://docs.splunk.com/Documentation/SplunkCloud/latest/Service/SplunkCloudservice" target="_blank">https://docs.splunk.com/Documentation/SplunkCloud/latest/Service/SplunkCloudservice</A>&nbsp;for supported data egress methods:</P><BLOCKQUOTE><TABLE><TBODY><TR><TD>Data Egress</TD><TD>Dynamic Data Self-Storage export of aged data per index from Splunk Cloud Platform to Amazon S3 or Google Cloud Storage</TD><TD>No limit to the amount of data that can be exported from your indexes to your Amazon S3 or Google Cloud Storage account in the same region.</TD><TD>Dynamic Data Self-Storage is designed to export 1 TB of data per hour.</TD></TR><TR><TD>Data Egress</TD><TD>Search results via UI or REST API</TD><TD>Recommend no more than 10% of ingested data</TD><TD>For optimal performance, no single query, or all queries in aggregate over the day from the UI or REST API, should return full results of more than 10% of ingested daily volume. To route data to multiple locations, consider solutions like Ingest Actions, Ingest Processor, or the Edge Processor solution.</TD></TR><TR><TD>Data Egress</TD><TD>Search results to Splunk User Behavior Analytics (UBA)</TD><TD>No limit</TD><TD>Data as a result of search queries to feed into Splunk User Behavior Analytics (UBA).</TD></TR></TBODY></TABLE></BLOCKQUOTE><P>To stream events to both Splunk Cloud and another destination, an intermediate forwarding solution is required.</P><P>You should contact your client's Splunk account team for confirmation, but your Splunk Cloud native options are likely limited to the table above.</P> Sat, 16 Nov 2024 23:05:34 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/Best-Practices-for-Streaming-Logs-from-Splunk-Cloud-to-External/m-p/704563#M3365 tscroggins 2024-11-16T23:05:34Z https://community.splunk.com/t5/Splunk-Cloud-Platform/Best-Practices-for-Streaming-Logs-from-Splunk-Cloud-to-External/m-p/704565#M3366 <P>Thank you&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/49493">@tscroggins</a>&nbsp;</P> Sat, 16 Nov 2024 23:08:58 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/Best-Practices-for-Streaming-Logs-from-Splunk-Cloud-to-External/m-p/704565#M3366 NavS 2024-11-16T23:08:58Z