Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

REST Inputs in cluster architecture

mudragada
Path Finder
‎02-02-2017 08:57 PM

Hi,

I have a Splunk Heavy Forwarder, Indexer master and two Indexer slaves, two search heads in the current architecture.
I have few rest inputs within the network (a firewall away) to get the values in.

Now, I need to choose the machine on which the rest_ta app can be installed and define the rest inputs, to an existing index.

By practice/convention, where should the rest_ta app be installed and the inputs defined?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mudragada
Path Finder
‎03-09-2017 10:03 PM

Figured this one out. As stated in http://wiki.splunk.com/Where_do_I_configure_my_Splunk_settings, REST TA app needs to be installed on all HeavyForwarders - and the deployment-app should be used in HeavyForwarder configuration.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

mudragada
Path Finder
‎03-09-2017 10:03 PM

Figured this one out. As stated in http://wiki.splunk.com/Where_do_I_configure_my_Splunk_settings, REST TA app needs to be installed on all HeavyForwarders - and the deployment-app should be used in HeavyForwarder configuration.

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎02-24-2017 08:46 AM

Hi mudragada,
the Heavy Forwarder is probably your best bet here. the inputs will be defined from the GUI - settings (top right corner) -> Data inputs -> REST

0 Karma
Reply
Solved! Jump to solution

mudragada
Path Finder
‎02-28-2017 08:22 PM

I have about 700 rest inputs - which I need to define in a conf file. When I did via the UI, they're going into apps/search/local/inputs.conf. Is there a way we can define the inputs in a different file or folder, other than the ones that are defined already in the search app?

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎03-01-2017 06:40 AM

there are many rest inputs packaged ni prebuilt apps, AWS and SalesForce are just an example link here: https://splunkbase.splunk.com/app/1274/ and are free to download at splunkbase. you can package rest inputs in apps of your choice.

0 Karma
Reply
Solved! Jump to solution

mudragada
Path Finder
‎03-01-2017 07:34 AM

The REST end points are internal to my network and REST Modular input is what I chose to enable them in Splunk to gather data. AWS app or SalesForce app may not help the situation.

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎03-01-2017 07:38 AM

sure, it was just an example, so you can follow the inputs structure.
to your question, yes you can configure in different apps, therefore separate folder
hope it helps

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...