Solved: Re: What are the advantages and disadvantages of u...

dheeran · ‎10-10-2019

I am having a scenario where a script can either produce a csv or a stdout.
Which is the best route to ingest this data?

The dataset in question is employee information where we do not expect a huge number of new records every day.

Thanks in advance
Siva

ivanreis · ‎10-10-2019

I would suggest to produce the csv instead of stdout. If you lose any network connectivity the data you are trying to run thought stdout can be lost, if you do not have any buffer to store this data.
According to the Splunk Administration manual, this is the only the downside of using scripting inputs.
"One possible downside to scripted input is potential loss of data
– Example: the forwarder that is running the script is not able to connect to the indexer due to networking problems".

View solution in original post

ivanreis · ‎10-10-2019

I would suggest to produce the csv instead of stdout. If you lose any network connectivity the data you are trying to run thought stdout can be lost, if you do not have any buffer to store this data.
According to the Splunk Administration manual, this is the only the downside of using scripting inputs.
"One possible downside to scripted input is potential loss of data
– Example: the forwarder that is running the script is not able to connect to the indexer due to networking problems".

What are the advantages and disadvantages of using scripted input vs file input ?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?