Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

forwarding to third party REST endpoint

vijay
Engager
‎06-27-2021 07:53 AM

Hi,

Is it possible  from Splunk universal/heavy forwarder to forward data to third party REST API endpoint over https using basic authentication ?

I have use case where Splunk universal/heavy forwarder has to forward data to Splunk enterprise + 3rd party client REST api endpoint for processing data.

Is this use case possible ?

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎06-28-2021 02:46 PM

@vijay 

I want to correct first bullet point about custom setup, you can not enforce HF to store data on file it can only index the data. Hence you have to implement script on the machine where originally present. Hope it helps Appreciate if you could Accept the solution.

View solution in original post

Reply
Solved! Jump to solution

venkatasri
SplunkTrust
SplunkTrust
‎06-27-2021 05:23 PM

Hi @vijay 

Splunk docs suggest HF can forward to only TCP endpoint not to HTTP Rest API. You can find same documentation here - Forward data to third-party systems - Splunk Documentation

If you wish to do so i would do using store-and-forward model using custom script.

  • Receive on HF and store the data to a file
  • write a custom script to read every line from a file and curl to Rest API either line-by-line or batch mode.
  • You can cron schedule the script to run and have a checkpoint to track where you have last read the stored file... and retry in case of target Rest API failed to receive.

---

An upvote would be appreciated & Accept solution if it helps!

0 Karma
Reply
Solved! Jump to solution

vijay
Engager
‎06-28-2021 01:27 PM

Thanks for the help @venkatasri .

0 Karma
Reply
Solved! Jump to solution
Solution

venkatasri
SplunkTrust
SplunkTrust
‎06-28-2021 02:46 PM

@vijay 

I want to correct first bullet point about custom setup, you can not enforce HF to store data on file it can only index the data. Hence you have to implement script on the machine where originally present. Hope it helps Appreciate if you could Accept the solution.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...