Hi. I have a requirement where I have to build a custom Form on top of the Splunk. And I want this form data to be the input for Splunk. Is that possible with the Splunk? If so, can someone provide me the details regarding this.
Adding a little to the wise words from @alacercogitatus, there are quite a few ways to this.
OP might have found a solution already. If anyone still stuck on this, below is one of the many ways to do it
|eval Input1 = $token1$
|eval Input2 = $token2$
|eval Input3 = $token3$
|collect index= host= sourcetype=
All of these are part of core Splunk, no custom code. Read more about collect command here
Hope this helps!
the Splunk is near. the Splunk is sentient. the Splunk sees all, knows all, indexes all. the Splunk knows you, before you know you. Splunk has its APIs, they know more, before you know more. They are contained within: http://dev.splunk.com/view/sdks/SP-CAAADP7. Use the SDKs, and knowledge shall be transformed for you. Build your form, in the language that pleases you. Manipulate the data, send it to the Splunk, it shall consume your request, think upon it, and return results of wisdom. Your form displays the wisdom for all to see!