https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185642#M186995 <P>Hi</P> <P>Can you share sample scripts or configuration setting for me to get data from elastic search in an incremental manner? </P> <P>The source data is information about event with updated_at to get the incremental information. Other attributes include event_name, event_location, event_start_time, event_end_time</P> <P>thanks, ronak</P> Mon, 28 Sep 2020 18:38:54 GMT ronak 2020-09-28T18:38:54Z https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185642#M186995 <P>Hi</P> <P>Can you share sample scripts or configuration setting for me to get data from elastic search in an incremental manner? </P> <P>The source data is information about event with updated_at to get the incremental information. Other attributes include event_name, event_location, event_start_time, event_end_time</P> <P>thanks, ronak</P> Mon, 28 Sep 2020 18:38:54 GMT https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185642#M186995 ronak 2020-09-28T18:38:54Z https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185643#M186996 <P>Could you provide more information on what you need here? Is the data already indexed and you just want to search and get the latest/updated incremental data?</P> Fri, 16 Jan 2015 18:59:53 GMT https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185643#M186996 somesoni2 2015-01-16T18:59:53Z https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185644#M186997 <P>hi - Yes, the data resides in ES. </P> Fri, 16 Jan 2015 20:05:29 GMT https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185644#M186997 ronak 2015-01-16T20:05:29Z https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185645#M186998 <P>Not sure what you are trying to do, but you could ship the data you already have to Elasticsearch to Splunk simultaneously. I'm doing this to evaluate both products. </P> <P>Chris</P> Fri, 16 Jan 2015 20:28:33 GMT https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185645#M186998 chrisboy68 2015-01-16T20:28:33Z https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185646#M186999 <P>Chris </P> <P>Some system, that can send data to one destination , in my enterprise has already sent data to ES. My objective is to extract the data from ES and give to splunk for indexing. </P> <P>I'm looking for a template script or configuration that someone might have already done to extract data from ES ...</P> <P>Hope this helps clarify</P> <P>appreciate any pointers</P> <P>thanks, ronak</P> Fri, 16 Jan 2015 20:54:28 GMT https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185646#M186999 ronak 2015-01-16T20:54:28Z https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185647#M187000 <P>Hi Ronak,</P> <P>we are facing the same situation, would like to got ALL syslog data from elastich search to Spunk.<BR /> You have been able to solve the issue</P> <P>Many txs in advance</P> Mon, 28 Sep 2015 13:18:51 GMT https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185647#M187000 pedro50 2015-09-28T13:18:51Z https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185648#M187001 <P>I agree with Chris on this. Anyone looking to do this would be better off installing a UF (or HF) on the same data source that ES is using (e.g. syslog server). Even if you had an easy way to port data from ES to Splunk, you would be introducing a new point of failure, and would inherit any issues ES has with data integrity, availability, etc.</P> Mon, 28 Sep 2015 14:12:14 GMT https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185648#M187001 masonmorales 2015-09-28T14:12:14Z https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185649#M187002 <P>I found this ... not sure if/how it works <A href="http://devpost.com/software/splunk-elasticsearch">http://devpost.com/software/splunk-elasticsearch</A></P> Tue, 24 May 2016 15:31:34 GMT https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185649#M187002 wsnyder2 2016-05-24T15:31:34Z https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185650#M187003 <P>This might be helpful for anyone visiting; I have started working on an addon for Elasticsearch instances, feel free to use it!<BR /> <A href="https://splunkbase.splunk.com/app/4175/">https://splunkbase.splunk.com/app/4175/</A></P> Tue, 25 Sep 2018 18:50:34 GMT https://community.splunk.com/t5/Splunk-Search/Getting-data-from-Elastic-Search/m-p/185650#M187003 larmesto 2018-09-25T18:50:34Z