Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to combine multiple data input into one with different polling interval

KJ10
Loves-to-Learn Lots
‎03-27-2025 07:45 AM

Hi Team,
How to combine multiple data input into one, basically I am having 5 different data inputs where I am taking same data from User. How to combine all data input into one data input.
I want One data input where I will internally run 2 different data type with different polling interval.
Is this possible with python SDK and How?

 

 


Different polling intervals for “performance” and “inventory” data

Labels (1)
Labels
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎03-27-2025 07:50 AM

Hi @KJ10 

Can I ask, why are you looking to consolidate the inputs?

I presume the existing 5 inputs are Python based modinputs? Is this in a custom app or something from Splunkbase?

Let me know and I will see if I can work out how best to help.

Please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards

Will

0 Karma
Reply

KJ10
Loves-to-Learn Lots
‎03-27-2025 08:23 AM

Basically we are taking same cred in all 5 data input. So I want to combine them and segregate using performance and inventory data using 2 different time intervals.

Yes existing 5 inputs are Python based modinputs. This in our custom app.

 

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎03-27-2025 09:15 AM

Hi @KJ10 

Thanks for your response, ultimately its going to be hard to identify the best approach to this without having the code, but I would suggest determining how its currently written and then checking out the best-practices for the approach taken.

Typically there are 3 ways to create a Splunk app:

  1. Splunk Add-on builder
  2. UCC Framework (my preference)
  3. Custom Python 

I'd start by looking at the common code between the 5 existing modules and find where you can put a loop to loop over the the different endpoint (presumably?) that you need to query so that you combine the inputs. Be sure to update the source/sourcetype accordingly for each of the iterations so that your data doesnt end up in one big source/sourcetype and hard to separate between the 5 types.

If you're able to share the code on here (anonymised if required) then I might be able to tailor the help but please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards

Will 

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...