topic Re: Can I replace Splunk Universal Forwarder with Apache NiFi? in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Can-I-replace-Splunk-Universal-Forwarder-with-Apache-NiFi/m-p/357216#M65229 <P>Hi,<BR /> a little bit late but... </P> <P>As far as I understand putSplunk is sending data just using TCP or UDP inputs.</P> <P>So... this should do the trick on Splunk UFW side...</P> <P><A href="http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports">http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports</A></P> <P>Remember, that if you want to send different type of data please use different ports and define index and sourcetype in your inputs.conf.</P> <P>Much better is using Splunk HTTP Event Collector ... </P> <P>I think it's "AttributeToJSON" then?</P> <P>HTH,</P> <P>Holger</P> Sun, 11 Mar 2018 20:06:39 GMT hsesterhenn_spl 2018-03-11T20:06:39Z Can I replace Splunk Universal Forwarder with Apache NiFi? https://community.splunk.com/t5/Getting-Data-In/Can-I-replace-Splunk-Universal-Forwarder-with-Apache-NiFi/m-p/357215#M65228 <P>NiFi has a putSplunk processor that should do what I want (send data to an indexer)</P> <P>BUT it doesn't have any place for me to specify sourcetype, or index, and it only has one "Host" field, whereas I usually use autolb with 2 indexers.</P> <P>Can I do this? If so, how? </P> <P>Thanks!</P> Wed, 15 Mar 2017 19:05:05 GMT https://community.splunk.com/t5/Getting-Data-In/Can-I-replace-Splunk-Universal-Forwarder-with-Apache-NiFi/m-p/357215#M65228 gozulin 2017-03-15T19:05:05Z Re: Can I replace Splunk Universal Forwarder with Apache NiFi? https://community.splunk.com/t5/Getting-Data-In/Can-I-replace-Splunk-Universal-Forwarder-with-Apache-NiFi/m-p/357216#M65229 <P>Hi,<BR /> a little bit late but... </P> <P>As far as I understand putSplunk is sending data just using TCP or UDP inputs.</P> <P>So... this should do the trick on Splunk UFW side...</P> <P><A href="http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports">http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports</A></P> <P>Remember, that if you want to send different type of data please use different ports and define index and sourcetype in your inputs.conf.</P> <P>Much better is using Splunk HTTP Event Collector ... </P> <P>I think it's "AttributeToJSON" then?</P> <P>HTH,</P> <P>Holger</P> Sun, 11 Mar 2018 20:06:39 GMT https://community.splunk.com/t5/Getting-Data-In/Can-I-replace-Splunk-Universal-Forwarder-with-Apache-NiFi/m-p/357216#M65229 hsesterhenn_spl 2018-03-11T20:06:39Z