Splunk Cloud Data Input

mohsplunking
Path Finder

Hello Team,

When an organization has a hybrid deployment and is also using the Splunk Cloud service, can data be sent directly to Splunk Cloud? For example, there is a SaaS application which only has an option to send logs over syslog; how can this be achieved while using Splunk Cloud? What are the options for data input here? Could someone please elaborate?

Thanking you in advance,

regards,

Moh

scelikok
SplunkTrust

Hi @mohsplunking ,

You cannot send syslog data directly to Splunk Cloud. You must use a Splunk Universal Forwarder or Splunk Heavy Forwarder to ingest the UDP syslog and send it to Splunk Cloud.

You can see the documentation about syslog on Splunk Cloud below.

https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/HowSplunkEnterprisehandlessyslogdata

If this reply helps you, an upvote and "Accept as Solution" is appreciated.

isoutamo
SplunkTrust

It’s exactly that way.

  1. You need to understand your situation. Even if some technical details are mentioned, you must understand the big picture if you really want to utilize that data.
  2. Define your options.
  3. Select the best option.
  4. Implement it.

In real business you cannot start directly from step 4 if you want to get a working solution with reasonable costs.


kiran_panchavat
Influencer

@mohsplunking 

Set up a syslog forwarder to receive data from the SaaS application and then forward it to the Splunk Cloud. You can send data via HEC token also. 

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!

isoutamo
SplunkTrust

Hi

You can send or pull data into SCP. It totally depends on which SaaS system you are trying to get this data from. Currently quite a lot of SaaS systems can send data via HEC to Splunk. Another option is that they have a REST API which you can query via modular inputs. From time to time there could be some other options too.

You should start by asking your SaaS vendor whether they have any integration with Splunk. You could also use Google to find any other documentation for it.

r. Ismo
