https://community.splunk.com/t5/Getting-Data-In/Splunk-extension/m-p/59329#M11684 <P>Complete documentation of the REST API is available at <A href="http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTcontents">http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTcontents</A></P> Fri, 27 Jan 2012 17:31:30 GMT ChrisG 2012-01-27T17:31:30Z https://community.splunk.com/t5/Getting-Data-In/Splunk-extension/m-p/59327#M11682 <P>Does Splunk provide API for an external application to read the parsed data and generate the output for Splunk to display?</P> <P>We plan to implement proprietary algorithm to detect anomaly in logs, but yet leverage on splunk's data collection/parsing and visualization capability.</P> Fri, 27 Jan 2012 09:16:17 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-extension/m-p/59327#M11682 wanling 2012-01-27T09:16:17Z https://community.splunk.com/t5/Getting-Data-In/Splunk-extension/m-p/59328#M11683 <P>Splunk provides a REST API (<A href="http://dev.splunk.com/view/rest-api-overview/SP-CAAADP8">http://dev.splunk.com/view/rest-api-overview/SP-CAAADP8</A> ) that external applications can use to perform queries. This API cannot however (at least not easily) in itself be used for writing back results directly into Splunk. There are a number of options for how to achieve this though.</P> <UL> <LI>You could create a scripted input that performs the queries through the REST API, carries out its analysis and then echoes back its results to stdout, which will then be read by Splunk.</LI> <LI>You can have the script run separately and write its results to a file that is monitored by Splunk.</LI> <LI>If your analysis is performed line-by-line, you could have it run as a dynamic lookup script that writes its results to a field.</LI> </UL> <P>Only the dynamic lookup option meets the requirement of showing externally analysed results from some specific query directly back to the user.</P> Fri, 27 Jan 2012 11:30:55 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-extension/m-p/59328#M11683 Ayn 2012-01-27T11:30:55Z https://community.splunk.com/t5/Getting-Data-In/Splunk-extension/m-p/59329#M11684 <P>Complete documentation of the REST API is available at <A href="http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTcontents">http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTcontents</A></P> Fri, 27 Jan 2012 17:31:30 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-extension/m-p/59329#M11684 ChrisG 2012-01-27T17:31:30Z https://community.splunk.com/t5/Getting-Data-In/Splunk-extension/m-p/59330#M11685 <P>Regrading the getting data back into Splunk ,you can certainly also do this via REST using the <A href="http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTinput#POST_receivers.2Fsimple">receivers/simple</A> or <A href="http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTinput#POST_receivers.2Fstream">receivers/stream</A> endpoints.</P> <P>Also ,check out the <A href="http://dev.splunk.com/view/sdks/SP-CAAADP7">SDKs</A> at dev.splunk.com , will help you to get up and running with the REST API a lot quicker.</P> Sat, 28 Jan 2012 20:58:34 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-extension/m-p/59330#M11685 Damien_Dallimor 2012-01-28T20:58:34Z https://community.splunk.com/t5/Getting-Data-In/Splunk-extension/m-p/59331#M11686 <P>Already been done - see the <A href="http://splunk-base.splunk.com/apps/68765/prelert-anomaly-detective">Prelert Anomaly Detective</A></P> Mon, 18 Mar 2013 19:37:16 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-extension/m-p/59331#M11686 richcollier 2013-03-18T19:37:16Z