Splunk Dev

In Splunk, is it possible for users to write and edit a data form (similar to Google/Excel spreadsheet) for later analysis?

chanduira
Explorer

Hi Experts,

I want to allow users to feed data in through the Splunk portal, the way people feed data into a Google online spreadsheet.

Later I will use this data to do analysis.

Is there any option to enable this type of feature in Splunk?

0 Karma

niketn
Legend

You can try exploring the Lookup File Editor App on Splunkbase. It is not Splunk Certified or Supported; however, the app is supported on Splunk Enterprise versions 6.1 through 6.5.

This app will allow you to edit and save CSV as lookup table to Splunk similar to the way Excel is used.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

arkadyz1
Builder

First of all, understand that Splunk's data are immutable. Once the event is in, you cannot change it anymore. It's a WORM (Write Once, Read Many) data repository. So editing data the way Google Docs allows you to is against Splunk's nature, and I would mark it "impossible" for most intents and purposes.

However, if you want to save a user's input as an event, you can do that in a variety of ways. The form you use does not have to be in Splunk - in fact, it will be easier to have it separately somewhere. Then, once the input is complete and the user presses something like a "Submit" button, you can form the event - with timestamp and fields, best done in timestamp, name=value format, comma or space separated - and send it over.

So where to "send it over"? On the Splunk side, you can create a TCP or UDP data input which would listen on a port of your choice where you would then send your data. The index, sourcetype and other metadata would be determined by your inputs.conf (the input can be created interactively via Splunk Web). If you want more control on your online form side, take a look into HttpEventCollector - it's a relatively new, but immensely useful feature.

0 Karma
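The submit-then-send flow described in the answer above, as an added example that is not part of the original thread: it builds the timestamp, name=value event for a TCP input and the equivalent HTTP Event Collector request, and neutralizes newlines and quotes in user input so a form value cannot forge extra events or fields. The function names, the `web_form` sourcetype, and the host, port, URL and token values are assumptions for illustration.

```python
import json, re, socket, time, urllib.request

FIELD_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
CONTROL = re.compile(r"[\x00-\x1f\x7f]")  # control characters, including CR and LF

def kv_event(fields, ts=None):
    """Render one form submission as a single 'timestamp name="value", ...' line."""
    ts = time.time() if ts is None else ts
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(ts))
    pairs = []
    for name, value in fields.items():
        if not FIELD_NAME.fullmatch(name):
            raise ValueError(f"rejected field name: {name!r}")
        # A raw newline in a value would start a second, user-forged event on a
        # line-oriented input; a raw double quote would end the value early.
        clean = CONTROL.sub(" ", str(value)).replace('"', "'")
        pairs.append(f'{name}="{clean}"')
    return stamp + " " + ", ".join(pairs)

def send_tcp(event, host, port):
    """Send one event line to a Splunk TCP data input (host/port are assumptions)."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(event.encode("utf-8") + b"\n")

def hec_request(fields, url, token, ts=None, sourcetype="web_form"):
    """Build (not send) an HTTP Event Collector POST; JSON encoding does the escaping."""
    ts = time.time() if ts is None else ts
    body = json.dumps({"time": ts, "sourcetype": sourcetype, "event": fields})
    return urllib.request.Request(
        url, data=body.encode("utf-8"), method="POST",
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"})

if __name__ == "__main__":
    # Constructed sample submission; the comment field carries an injection attempt.
    form = {"user": "alice",
            "comment": 'ok"\n1970-01-01T00:00:01Z user="admin"'}
    print(kv_event(form, ts=0))
    req = hec_request(form, "https://splunk.example:8088/services/collector/event",
                      "PLACEHOLDER-TOKEN", ts=0)
    print(req.get_method(), req.full_url, req.data.decode())
    # To deliver: send_tcp(kv_event(form), "splunk.example", 5514)
    #         or: urllib.request.urlopen(req, timeout=5)
```
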

somesoni2
SplunkTrust

Splunk is essentially not a data entry tool. Could you provide more details on what (why) you're trying to do in Splunk?

0 Karma