Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

REST Inputs in cluster architecture

mudragada
Path Finder
‎02-02-2017 08:57 PM

Hi,

I have a Splunk Heavy Forwarder, Indexer master and two Indexer slaves, two search heads in the current architecture.
I have few rest inputs within the network (a firewall away) to get the values in.

Now, I need to choose the machine on which the rest_ta app can be installed and define the rest inputs, to an existing index.

By practice/convention, where should the rest_ta app be installed and the inputs defined?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mudragada
Path Finder
‎03-09-2017 10:03 PM

Figured this one out. As stated in http://wiki.splunk.com/Where_do_I_configure_my_Splunk_settings, REST TA app needs to be installed on all HeavyForwarders - and the deployment-app should be used in HeavyForwarder configuration.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

mudragada
Path Finder
‎03-09-2017 10:03 PM

Figured this one out. As stated in http://wiki.splunk.com/Where_do_I_configure_my_Splunk_settings, REST TA app needs to be installed on all HeavyForwarders - and the deployment-app should be used in HeavyForwarder configuration.

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎02-24-2017 08:46 AM

Hi mudragada,
the Heavy Forwarder is probably your best bet here. the inputs will be defined from the GUI - settings (top right corner) -> Data inputs -> REST

0 Karma
Reply
Solved! Jump to solution

mudragada
Path Finder
‎02-28-2017 08:22 PM

I have about 700 rest inputs - which I need to define in a conf file. When I did via the UI, they're going into apps/search/local/inputs.conf. Is there a way we can define the inputs in a different file or folder, other than the ones that are defined already in the search app?

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎03-01-2017 06:40 AM

there are many rest inputs packaged ni prebuilt apps, AWS and SalesForce are just an example link here: https://splunkbase.splunk.com/app/1274/ and are free to download at splunkbase. you can package rest inputs in apps of your choice.

0 Karma
Reply
Solved! Jump to solution

mudragada
Path Finder
‎03-01-2017 07:34 AM

The REST end points are internal to my network and REST Modular input is what I chose to enable them in Splunk to gather data. AWS app or SalesForce app may not help the situation.

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎03-01-2017 07:38 AM

sure, it was just an example, so you can follow the inputs structure.
to your question, yes you can configure in different apps, therefore separate folder
hope it helps

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...