Can you share sample scripts or configuration settings for me to get data from Elasticsearch in an incremental manner?
The source data is information about events, with updatedat to get the incremental information. Other attributes include eventname, eventlocation, eventstarttime, eventend_time.
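One way to do the incremental pull the question asks for, as an added example that is not from this thread or from any Splunk or Elastic project code: it keeps a watermark on `updatedat` in a checkpoint file, pages with `search_after`, and remembers which document ids it has already seen at the watermark timestamp so a late arrival with the same `updatedat` is picked up without re-sending the earlier ones. The field names are the ones from the question; the index name `events`, the ISO-8601 format of `updatedat`, the `_id` tiebreaker and the `search` callable (shaped like elasticsearch-py's `Elasticsearch.search(index=..., body=...)`) are assumptions, and the in-memory stand-in for the cluster is constructed so the script runs offline.

```python
"""Incremental pull of event documents from Elasticsearch keyed on `updatedat`.

Added example, not from the thread. Assumptions: one document per event with the
fields named in the question (eventname, eventlocation, eventstarttime,
eventend_time, updatedat); `updatedat` is an ISO-8601 UTC string, so it sorts
lexicographically; `search` is a callable with the shape of elasticsearch-py's
Elasticsearch.search(index=..., body=...). A constructed in-memory stand-in is
used so the script runs offline; swap in a real client to talk to a cluster.
"""
import json
from pathlib import Path

PAGE_SIZE = 2  # deliberately small so the sample data exercises the paging path
FIELDS = ["eventname", "eventlocation", "eventstarttime", "eventend_time", "updatedat"]


def build_query(watermark, search_after=None, page_size=PAGE_SIZE):
    """Everything updated at or after the watermark, in a total order
    (updatedat, then _id) so search_after paging cannot skip or repeat rows."""
    body = {
        "size": page_size,
        "_source": FIELDS,
        "sort": [{"updatedat": "asc"}, {"_id": "asc"}],
        "query": {"range": {"updatedat": {"gte": watermark}}} if watermark else {"match_all": {}},
    }
    if search_after:
        body["search_after"] = search_after
    return body


def pull_incremental(search, index, checkpoint):
    """Return (new_hits, new_checkpoint). `gte` on the watermark re-reads rows that
    share the watermark timestamp; ids already recorded at that timestamp are
    skipped, so late arrivals with the same updatedat are caught without duplicates."""
    watermark = checkpoint.get("watermark")
    seen = set(checkpoint.get("seen_ids", []))
    search_after, new_hits = None, []
    while True:
        hits = search(index=index, body=build_query(watermark, search_after))["hits"]["hits"]
        for hit in hits:
            if hit["_source"]["updatedat"] == watermark and hit["_id"] in seen:
                continue
            new_hits.append(hit)
        if len(hits) < PAGE_SIZE:  # short (or empty) page means we are done
            break
        search_after = hits[-1]["sort"]
    return new_hits, advance_checkpoint(checkpoint, new_hits)


def advance_checkpoint(checkpoint, new_hits):
    """Move the watermark to the newest updatedat seen and record the ids at it."""
    if not new_hits:
        return checkpoint
    watermark = max(h["_source"]["updatedat"] for h in new_hits)
    seen = {h["_id"] for h in new_hits if h["_source"]["updatedat"] == watermark}
    if watermark == checkpoint.get("watermark"):
        seen |= set(checkpoint.get("seen_ids", []))
    return {"watermark": watermark, "seen_ids": sorted(seen)}


def load_checkpoint(path):
    return json.loads(Path(path).read_text()) if Path(path).exists() else {}


def save_checkpoint(path, checkpoint):
    Path(path).write_text(json.dumps(checkpoint))


def to_splunk_lines(hits):
    """One JSON object per line, as a Splunk scripted input would print to stdout."""
    return [json.dumps(dict(h["_source"], es_id=h["_id"]), sort_keys=True) for h in hits]


def make_fake_search(docs):
    """Constructed stand-in for Elasticsearch.search over an in-memory list of
    {"_id": ..., "_source": ...} docs; honours range, sort, size and search_after."""
    def search(index, body):
        wm = body["query"].get("range", {}).get("updatedat", {}).get("gte")
        rows = [dict(d, sort=[d["_source"]["updatedat"], d["_id"]]) for d in docs
                if wm is None or d["_source"]["updatedat"] >= wm]
        rows.sort(key=lambda r: r["sort"])
        after = body.get("search_after")
        if after:
            rows = [r for r in rows if r["sort"] > after]
        return {"hits": {"hits": rows[:body["size"]]}}
    return search


def event(eid, name, updatedat):
    """Constructed sample event document."""
    return {"_id": eid, "_source": {
        "eventname": name, "eventlocation": "Austin",
        "eventstarttime": "2024-06-01T09:00:00Z", "eventend_time": "2024-06-01T17:00:00Z",
        "updatedat": updatedat}}


if __name__ == "__main__":
    docs = [event("e1", "Kickoff", "2024-05-01T08:00:00Z"),
            event("e2", "Review", "2024-05-02T10:30:00Z"),
            event("e3", "Retro", "2024-05-02T10:30:00Z")]
    search = make_fake_search(docs)
    ckpt = load_checkpoint("es_events.checkpoint.json")  # assumed path
    hits, ckpt = pull_incremental(search, "events", ckpt)
    print("\n".join(to_splunk_lines(hits)), "\n->", ckpt)
    docs.append(event("e4", "Late arrival", "2024-05-02T10:30:00Z"))  # same timestamp, new id
    hits, ckpt = pull_incremental(search, "events", ckpt)
    print("\n".join(to_splunk_lines(hits)), "\n->", ckpt)
```

Run as a Splunk scripted input on an interval, the JSON lines go to stdout for indexing and the checkpoint file carries the watermark between runs. The `seen_ids` list only ever holds the ids at one timestamp, so it stays small; without it you would have to choose between `gt` (missing same-second late arrivals) and `gte` (re-sending the boundary rows every interval).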
Could you provide more information on what you need here? Is the data already indexed and you just want to search and get the latest/updated incremental data?
Not sure what you are trying to do, but you could ship the data you are already sending to Elasticsearch to Splunk simultaneously. I'm doing this to evaluate both products.
A system in my enterprise that can only send data to one destination has already sent its data to ES. My objective is to extract the data from ES and give it to Splunk for indexing.
I'm looking for a template script or configuration that someone might have already done to extract data from ES ...
Hope this helps clarify.
Appreciate any pointers.
We are facing the same situation; we would like to get ALL syslog data from Elasticsearch to Splunk.
Have you been able to solve the issue?
Many thanks in advance.
I agree with Chris on this. Anyone looking to do this would be better off installing a UF (or HF) on the same data source that ES is using (e.g. syslog server). Even if you had an easy way to port data from ES to Splunk, you would be introducing a new point of failure, and would inherit any issues ES has with data integrity, availability, etc.