Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to combine multiple data input into one with different polling interval

KJ10
Loves-to-Learn Lots
‎03-27-2025 07:45 AM

Hi Team,
How to combine multiple data input into one, basically I am having 5 different data inputs where I am taking same data from User. How to combine all data input into one data input.
I want One data input where I will internally run 2 different data type with different polling interval.
Is this possible with python SDK and How?

 

 


Different polling intervals for “performance” and “inventory” data

Labels (1)
Labels
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎03-27-2025 07:50 AM

Hi @KJ10 

Can I ask, why are you looking to consolidate the inputs?

I presume the existing 5 inputs are Python based modinputs? Is this in a custom app or something from Splunkbase?

Let me know and I will see if I can work out how best to help.

Please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards

Will

0 Karma
Reply

KJ10
Loves-to-Learn Lots
‎03-27-2025 08:23 AM

Basically we are taking same cred in all 5 data input. So I want to combine them and segregate using performance and inventory data using 2 different time intervals.

Yes existing 5 inputs are Python based modinputs. This in our custom app.

 

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎03-27-2025 09:15 AM

Hi @KJ10 

Thanks for your response, ultimately its going to be hard to identify the best approach to this without having the code, but I would suggest determining how its currently written and then checking out the best-practices for the approach taken.

Typically there are 3 ways to create a Splunk app:

  1. Splunk Add-on builder
  2. UCC Framework (my preference)
  3. Custom Python 

I'd start by looking at the common code between the 5 existing modules and find where you can put a loop to loop over the the different endpoint (presumably?) that you need to query so that you combine the inputs. Be sure to update the source/sourcetype accordingly for each of the iterations so that your data doesnt end up in one big source/sourcetype and hard to separate between the 5 types.

If you're able to share the code on here (anonymised if required) then I might be able to tailor the help but please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards

Will 

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...
Top