Getting Data In

Can I modify Data from Splunk using Splunk API?

misteryuku
Communicator

Lets say if i do not search for the data using the splunk search then can i edit the data directly from the splunk server using the Splunk's REST api?

Tags (1)
0 Karma

Ayn
Legend

Edit as in change data that is already in Splunk's index? No. Once data is indexed, there is no (easy) way of altering it.

misteryuku
Communicator

Nothing i just want to know if there is such thing as updating the indexed data since i don't see any documentation on that on this Splunk website.

0 Karma

Ayn
Legend

Could you tell us a bit more about what you're trying to achieve?

0 Karma

Ayn
Legend

When you search in Splunk - regardless of which method you're using - you're getting your results from Splunk's index, yes.

0 Karma

misteryuku
Communicator

Normally when log file data is sent to splunk, splunk indexes the file data right? When you search for the result using Splunk's REST API, the result normally returns indexed data right? Am i right in both statements i made?

0 Karma

Ayn
Legend

OK. In that case the answer is no.

0 Karma

misteryuku
Communicator

Yes. That is what mean. Edit as in change data that is already in Splunk's index.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...