I have a requirement to collect data from the user and insert it into a Splunk index for further use.
This is like a web page where many questions are asked, with the answers in a dropdown list. The user has to select one of those answers from the list.
Once the user completes the form and clicks the SUBMIT button, the data goes to the Splunk index.
I am thinking of creating an application with a dashboard for my requirement, but I don't know how to insert data into the index.
Do you people have any idea about how to do this? Your help is highly appreciated.
Thanks.
Hi BansodeSantosh,
What happens at SUBMIT: do you save data in a DB or in a file?
If you save data in a DB, you can extract this data from the DB using DB-Connect; if instead you save the form in a text file, you can index this file using File inputs.
If you don't want to save it, you could use "HTTP Event Collector" (see http://docs.splunk.com/Documentation/Splunk/6.6.0/Data/UsetheHTTPEventCollector ).
Bye.
Giuseppe
Thank you Cusello, I am thinking about storing the data in a CSV file and then indexing it through the File Input option.
But I don't know how to submit this data to the server where we configured this file input. Do you have any idea?
@BansodeSantosh, if you are already writing to CSV and storing it to an application server, then based on the type of Server (like Windows or *Nix) and also the version of your Splunk Enterprise, you would need a Splunk client software called Universal Forwarder to monitor and forward the CSV file from your Application Server to Splunk for indexing and searching. Refer to various Splunk Forwarder Deployment topologies: https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Forwarderdeploymenttopologies
Ideally, if you are doing this for enterprise, your Splunk Administrator should carry out these tasks, as there are a lot of considerations based on performance, scaling, security etc. Remember "Splunk is only as fast as its weakest link". If you are creating a POC environment then you can refer to Standalone Splunk Server (Same Server with Splunk Enterprise serving as Deployment Server, Indexer and Search Head), with Universal Forwarders installed on your Application Servers where you have files/directories to be monitored.
What @cusello is proposing is HTTP Event Collector, which allows you to send data directly from your Application Server to Splunk directly from your code. This will let you index Application data without having to deploy Universal Forwarders on your Application Servers.
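The HTTP Event Collector route mentioned in this thread, as an added example that is not part of any poster's reply: the server-side form handler checks each answer against the dropdown's allowed values, then builds the POST for HEC's `/services/collector/event` endpoint. The form definition, the index name `survey`, the host `splunk.example.com` and the token are placeholders assumed for illustration.

```python
import json
import ssl
import time
import urllib.request

# Constructed form definition: question id -> allowed dropdown answers (assumption).
ALLOWED = {
    "os": {"Windows", "Linux", "macOS"},
    "patch_cycle": {"weekly", "monthly", "quarterly"},
}


def validate(answers):
    """Reject unknown questions, missing questions and values not in the dropdown."""
    if set(answers) != set(ALLOWED):
        raise ValueError("unexpected or missing question ids")
    for qid, value in answers.items():
        if value not in ALLOWED[qid]:
            raise ValueError(f"value not in dropdown for {qid!r}")
    return dict(answers)


def build_hec_request(answers, hec_url, token, index="survey", user="unknown"):
    """Build (but do not send) the POST for the HEC /services/collector/event endpoint."""
    payload = {
        "time": time.time(),
        "sourcetype": "_json",
        "index": index,  # placeholder index; the HEC token must be allowed to write to it
        "event": {"user": user, "answers": validate(answers)},
    }
    return urllib.request.Request(
        hec_url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"},
        method="POST",
    )


def send(req, ca_file=None):
    """Send over TLS with certificate verification left on; ca_file is the CA bundle."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)  # HEC replies with a small JSON status object


if __name__ == "__main__":
    req = build_hec_request({"os": "Linux", "patch_cycle": "monthly"},
                            "https://splunk.example.com:8088/services/collector/event",
                            "00000000-0000-0000-0000-000000000000", user="alice")
    print(req.get_method(), req.full_url, req.data.decode())
```

Keep the HEC token on the application server only (never in the browser-side form), and scope it to the single index it needs.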
Thanks @niketnilay and @cusello. I think a Universal Forwarder on the application server will be an easy option.
Hi BansodeSantosh,
In one project we acquired events from a form, parsing it with a PHP script.
I'm not an expert in HTTP parsing because this job was done by a colleague.
Bye.
Giuseppe