Re: Injesting data through search api?

nitsrini · ‎02-03-2022

Is there any way we can inject data to one running Splunk enterprise(on premise) to another through search API? I can find the configured search APIs for Splunk (https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTTUT/RESTsearches) , But searching for a way to inject data through these endpoints without using forwarder .Is this possible?

somesoni2 · ‎02-03-2022

Could you provide more details on what type of data you're transferring from one Splunk instance to another and reason behind it?

nitsrini · ‎02-03-2022

@somesoni2 since the documentation provided a way for getting log files data through REST , I was wondering is there any REST API configuration available in Splunk enterprise for receiving the search data from another running instance of it.

PickleRick · ‎02-03-2022

You could try the receivers/simple endpoint but I haven't used it myself so can't tell you whether it's a good idea. I mostly use HEC.

Injesting data through search api?

HTTP Event Collector

indexer

JSON

scripted input

Windows

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Join the Conversation

Injesting data through search api?