
What is the difference between single-instance and multiple-instance modular inputs for REST API?


Hi Dear Splunkers,

I am trying to develop a Modular Input for our REST API which will ingest some data from our API through a Python script implementation. The idea is simple. The modular input will poll our REST API after some interval, fetch the data, and index it into Splunk.

However, I am confused about the concept of single-instance and multiple-instance modular inputs. What I have understood is that single-instance modular inputs can be configured only once by the user and there is only one instance of the Python script running at any point. Our API has the same type of data, so there is no need for the user to configure multiple inputs; otherwise, the same data will be duplicated and indexed by Splunk, which will be wasteful, I believe.

Can someone explain to me the major difference between both types in easy terms, and also suggest which type of modular input I should create for my use case?

Thanking you all for taking the time to read this.

