Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Cloud Data Input

mohsplunking
Path Finder
‎01-17-2025 03:54 AM

Hello Team,

When an organization is  having Hybrid deployment , so they using Splunk cloud service too, can data be sent directly to Splunk Cloud, for example there is a SaaS application which only has an option to send logs over syslog , how can this be achieved while using Splunk cloud. What are the options for Data input here. If someone can elaborate.

Thanking you in advance,

regards,

Moh

0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎01-17-2025 04:16 AM

Hi @mohsplunking ,

You cannot send syslog data directly to Splunk Cloud. You must use a Splunk Universal Forwarder or Splunk Heavy Forwarder to ingest the UDP syslog and send it to Splunk Cloud.

You can see the documentation about  syslog on Splunk Cloud below.

https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/HowSplunkEnterprisehandlessyslogdata

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-17-2025 04:20 AM

It’s exactly that way.

  1. you need to understand your situation. Even there is some technical details mentioned you must understand the big picture, if you really want to utilize that data.
  2. define your options
  3. select best option
  4. implement it

In real business You cannot start directly from step 4 if you want to get working solution with reasonable costs.

0 Karma
Reply

kiran_panchavat
SplunkTrust
SplunkTrust
‎01-17-2025 04:12 AM

@mohsplunking 

Set up a syslog forwarder to receive data from the SaaS application and then forward it to the Splunk Cloud. You can send data via HEC token also. 

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-17-2025 04:12 AM

Hi

you can send or pull data into SCP. It’s totally depends on what is your SaaS system where you try to get this data. Currently quite many SaaS can send data via HEC to splunk. Another option is that they have REST api where you can query that data via modular inputs. Time by time there could be some other options too.

You should start with asking this from your SaaS vendor if they have any integration to Splunk. Also you could use google to found any other documentation for it.

r. Ismo

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...