Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- How to combine multiple data input into one with d...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to combine multiple data input into one with different polling interval
KJ10
Loves-to-Learn
03-27-2025
07:45 AM
Hi Team,
How to combine multiple data input into one, basically I am having 5 different data inputs where I am taking same data from User. How to combine all data input into one data input.
I want One data input where I will internally run 2 different data type with different polling interval.
Is this possible with python SDK and How?
Different polling intervals for “performance” and “inventory” data
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
livehybrid
Super Champion
03-27-2025
07:50 AM
Hi @KJ10
Can I ask, why are you looking to consolidate the inputs?
I presume the existing 5 inputs are Python based modinputs? Is this in a custom app or something from Splunkbase?
Let me know and I will see if I can work out how best to help.
Please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards
Will
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
KJ10
Loves-to-Learn
03-27-2025
08:23 AM
Basically we are taking same cred in all 5 data input. So I want to combine them and segregate using performance and inventory data using 2 different time intervals.
Yes existing 5 inputs are Python based modinputs. This in our custom app.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
livehybrid
Super Champion
03-27-2025
09:15 AM
Hi @KJ10
Thanks for your response, ultimately its going to be hard to identify the best approach to this without having the code, but I would suggest determining how its currently written and then checking out the best-practices for the approach taken.
Typically there are 3 ways to create a Splunk app:
- Splunk Add-on builder
- UCC Framework (my preference)
- Custom Python
I'd start by looking at the common code between the 5 existing modules and find where you can put a loop to loop over the the different endpoint (presumably?) that you need to query so that you combine the inputs. Be sure to update the source/sourcetype accordingly for each of the iterations so that your data doesnt end up in one big source/sourcetype and hard to separate between the 5 types.
If you're able to share the code on here (anonymised if required) then I might be able to tailor the help but please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards
Will
Get Updates on the Splunk Community!
.conf25 Registration is OPEN!
Ready. Set. Splunk!
Your favorite Splunk user event is back and better than ever. Get ready for more technical ...
Detecting Cross-Channel Fraud with Splunk
This article is the final installment in our three-part series exploring fraud detection techniques using ...
Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside
Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
