Getting Data In

Injesting data through search api?

nitsrini
Loves-to-Learn

Is there any way we can inject data to one running Splunk enterprise(on premise) to another through search API? I can find the configured search APIs for Splunk (https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTTUT/RESTsearches) , But searching for a way to inject data through these endpoints without using forwarder .Is this possible? 

0 Karma

somesoni2
Revered Legend

Could you provide more details on what type of data you're transferring from one Splunk instance to another and reason behind it?

0 Karma

nitsrini
Loves-to-Learn

 @somesoni2  since the documentation provided a way for getting log files data through REST , I was wondering is there  any REST API configuration available in Splunk enterprise for receiving the search data from another running instance of it.

0 Karma

PickleRick
SplunkTrust
SplunkTrust

You could try the receivers/simple endpoint but I haven't used it myself so can't tell you whether it's a good idea. I mostly use HEC.

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...