What is the difference between single-instance and...

Getting Data In

Hi Dear Splunkers,

I am trying to develop a Modular Input for our REST API which will ingest some data from our API through a python script implementation. The idea is simple. The modular input will poll our REST API after some interval, fetch the data, and index it into Splunk.

However, I am confused about the concept of single-instance and multiple-instance modular inputs. What I have understood is that single-instance modular inputs can be configured only once by the user and there is only one instance of the python script running at any point. Our API has the same type of data so there is no need for the user to configure multiple inputs otherwise, as the same data will be duplicated and indexed by Splunk which will be wasteful, I believe.

Can someone explain to me the major difference between both types in easy terms, and also suggest which type of modular input I should create for my use case?

Thanking you all for taking the time to read this.

Regards!

Get Updates on the Splunk Community!

What is the difference between single-instance and multiple-instance modular inputs for REST API?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation