All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Splunk Index to pull Data from SAP ALM

andgarciaa
Explorer
‎05-23-2024 02:25 PM

One of my customers is using a tool with a rest API available via SAP ALM Analytics

API Ref.

https://api.sap.com/api/CALM_ANALYTICS/overview


They are looking to get data from the API into a Splunk Index, so we suggest having an intermediary application (like a Scheduled Function) to get data from SAP and send it to Splunk using an HEC Token.

Is it possible to use something at Splunk directly to pull the data from 3rd party? Or is the suggested approach a good idea to go?

 

Labels (1)
Labels
Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

deepakc
Builder
‎05-28-2024 02:38 AM

Option 1 - If the app can send direct to HEC then that is least path of resistance, so try that first as Json and ensure it has a timestamp in the data and then create a sourcetype based on props and transforms. 

You will need to send to the HEC/event or HEC/Raw - most likely event HEC end point - so you will need to test this out first

https://docs.splunk.com/Documentation/SplunkCloud/9.1.2312/Data/HECRESTendpoints 


Option 2 - A possible Splunk component is to use the Splunk Add-builder, this requires you install this onto a Splunk instance such a lab / test environment or Splunk Heavy Forwarder, not onto production Splunk Servers . You then develop a custom app to poll the API and collect data for indexing purposes. See the below for reference.   

https://docs.splunk.com/Documentation/AddonBuilder/4.2.0/UserGuide/ConfigureDataCollection  

Option 3 is to write python code and pull the data and send to HEC(This obviously requires code development) 


Option 4 - There some API collection Apps on Splunk base, but I think those are by third-party and may require licence.  

https://splunkbase.splunk.com/app/1546 

 

View solution in original post

Reply
Solved! Jump to solution
Solution

deepakc
Builder
‎05-28-2024 02:38 AM

Option 1 - If the app can send direct to HEC then that is least path of resistance, so try that first as Json and ensure it has a timestamp in the data and then create a sourcetype based on props and transforms. 

You will need to send to the HEC/event or HEC/Raw - most likely event HEC end point - so you will need to test this out first

https://docs.splunk.com/Documentation/SplunkCloud/9.1.2312/Data/HECRESTendpoints 


Option 2 - A possible Splunk component is to use the Splunk Add-builder, this requires you install this onto a Splunk instance such a lab / test environment or Splunk Heavy Forwarder, not onto production Splunk Servers . You then develop a custom app to poll the API and collect data for indexing purposes. See the below for reference.   

https://docs.splunk.com/Documentation/AddonBuilder/4.2.0/UserGuide/ConfigureDataCollection  

Option 3 is to write python code and pull the data and send to HEC(This obviously requires code development) 


Option 4 - There some API collection Apps on Splunk base, but I think those are by third-party and may require licence.  

https://splunkbase.splunk.com/app/1546 

 

Reply
Solved! Jump to solution

Dare2SplunkSAP
Explorer
‎07-31-2024 01:12 PM

I disagree with the solution suggested. Why not use something out of the box, like PowerConnect, to send the data to Splunk? You can do it directly from the systems reporting to ALM. PowerConnect is fully supported for ABAP, JAVA, and most SAP SaaS offerings.

0 Karma
Reply
Solved! Jump to solution

srbruso_AWI
New Member
‎05-27-2025 01:15 PM

SAP EC Payroll Cloud does not allow for PowerConnect to be installed as an add-on unlike the other SAP Cloud systems, so customers are forced to use SolMan or SAP Cloud ALM to monitor jobs.  

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...