Injesting data through search api?

nitsrini · ‎02-03-2022

Is there any way we can inject data to one running Splunk enterprise(on premise) to another through search API? I can find the configured search APIs for Splunk (https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTTUT/RESTsearches) , But searching for a way to inject data through these endpoints without using forwarder .Is this possible?

somesoni2 · ‎02-03-2022

Could you provide more details on what type of data you're transferring from one Splunk instance to another and reason behind it?

nitsrini · ‎02-03-2022

@somesoni2 since the documentation provided a way for getting log files data through REST , I was wondering is there any REST API configuration available in Splunk enterprise for receiving the search data from another running instance of it.

PickleRick · ‎02-03-2022

You could try the receivers/simple endpoint but I haven't used it myself so can't tell you whether it's a good idea. I mostly use HEC.

Injesting data through search api?

HTTP Event Collector

indexer

JSON

scripted input

Windows

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation

Injesting data through search api?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.