Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Injesting data through search api?

nitsrini
Loves-to-Learn
‎02-03-2022 05:24 AM

Is there any way we can inject data to one running Splunk enterprise(on premise) to another through search API? I can find the configured search APIs for Splunk (https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTTUT/RESTsearches) , But searching for a way to inject data through these endpoints without using forwarder .Is this possible? 

0 Karma
Reply

somesoni2
Revered Legend
‎02-03-2022 05:56 AM

Could you provide more details on what type of data you're transferring from one Splunk instance to another and reason behind it?

0 Karma
Reply

nitsrini
Loves-to-Learn
‎02-03-2022 06:44 AM

 @somesoni2  since the documentation provided a way for getting log files data through REST , I was wondering is there  any REST API configuration available in Splunk enterprise for receiving the search data from another running instance of it.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-03-2022 05:53 AM

You could try the receivers/simple endpoint but I haven't used it myself so can't tell you whether it's a good idea. I mostly use HEC.

0 Karma
Reply
Get Updates on the Splunk Community!

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...

Enterprise Security Content Update (ESCU) | New Releases

In October, the Splunk Threat Research Team had one release of new security content via the Enterprise ...