Getting Data In

How to forward extracted data from Splunk to 3rd party?

thamohit
New Member

I have a requirement where I will be getting logs from various sources in Splunk, extracting some useful information from them, and then forwarding that extracted information to a 3rd party. I've been able to collect the logs and extract information from them, but I want to know how I can forward that extracted information to the 3rd party.

0 Karma

DalJeanis
Legend

Depending on the need, you can extract to a csv file and transmit, or create a search that generates an email with data inline or attached. You could also generate a REST call and POST the data somewhere, or a hundred other things.

When deciding on your solution, be sure to consider the type of data that is in your report. If the data is at all confidential, then you need to be transmitting in a secure way, which would argue for something other than a clear text email.

0 Karma

thamohit
New Member

I don't want the report to be transmitted. I just want to extract some fields from the original log and then forward it to the 3rd party. Forwarding can be in syslog format.

0 Karma

micahkemp
Champion

What options are available to send the data to the 3rd party? Would it be enough to run reports that email csv files? Do you have to send specific bits of raw logs to them via syslog?

0 Karma

thamohit
New Member

Well, forwarding the data in syslog format to the 3rd party would be fine.

0 Karma
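The following is an added example, not code from any poster in this thread and not Splunk's own: one way to put only the extracted fields into an RFC 5424 syslog message and send it over TLS, which covers both the syslog format asked for and the point about not sending confidential data in clear text. The function names, the `extracted@32473` structured-data ID (32473 is the enterprise number reserved for documentation), the host names and the sample fields are assumptions, as is a receiver that accepts syslog over TLS (RFC 5425) on port 6514.

```python
import socket
import ssl
from datetime import datetime, timezone

ENTERPRISE_ID = "32473"  # documentation-only enterprise number (RFC 5612); assumption


def _sd_name(name):
    # RFC 5424 SD-NAME: 1-32 printable ASCII chars, excluding '=', space, ']' and '"'
    if not 1 <= len(name) <= 32 or any(not 33 <= ord(c) <= 126 or c in '=]"' for c in name):
        raise ValueError(f"invalid structured-data name: {name!r}")
    return name


def _sd_value(value):
    # RFC 5424 PARAM-VALUE: backslash, double quote and ']' must be escaped
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def format_rfc5424(fields, host, app="extract-fwd", when=None, facility=16, severity=6):
    """Build one RFC 5424 message that carries only the selected fields."""
    when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
    ts = when.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    params = " ".join(f'{_sd_name(k)}="{_sd_value(v)}"' for k, v in sorted(fields.items()))
    return f"<{facility * 8 + severity}>1 {ts} {host} {app} - - [extracted@{ENTERPRISE_ID} {params}]"


def frame(message):
    """Octet-counting framing used by syslog over TLS (RFC 5425): b'LEN SP MSG'."""
    data = message.encode("utf-8")
    return str(len(data)).encode("ascii") + b" " + data


def send_tls(messages, server, port=6514, cafile=None):
    """Send framed messages over TLS, verifying the receiver's certificate and name."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((server, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            for message in messages:
                tls.sendall(frame(message))


if __name__ == "__main__":
    # Constructed sample: fields extracted from one event (not real data)
    sample = {"user": "alice", "src_ip": "192.0.2.10", "action": 'login "failed"]'}
    fixed = datetime(2024, 1, 2, 3, 4, 5, 678000, tzinfo=timezone.utc)
    print(format_rfc5424(sample, "splunk-sh01.example.com", when=fixed))
```

Because only the fields passed in are serialized, the raw event never leaves the sender, and the escaping in `_sd_value` keeps a field value containing `"` or `]` from breaking out of its structured-data element on the receiving side.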