Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

What is the feasibility of using Splunk REST calls from an Angular application running HTLM5 to send data into Splunk directly from the browser?

jamesoconnell
Path Finder
‎12-01-2017 09:36 AM

We have a partner who wants an extremely light interface to send data into a Splunk instance.
They prefer to make a simple REST call directly from the browser to load a JSON payload into Splunk.
The goal is to NOT have a heavy server-side process, but rather a lightweight REST interface directly to Splunk.

The data would be keyed on the user working in the browser at the time of the call out.
The data would be accessed in a Splunk dashboard/report keying on the user and his/her data.

I saw a recommendation from another post regarding HTTP Event Collector for this purpose. On first thought this seems feasible, but I am interested in knowing the pluses and minuses of both solutions.

Regards.

Reply
1 Solution
Solved! Jump to solution
Solution

murbanek_splunk
Splunk Employee
Splunk Employee
‎12-01-2017 10:12 AM

This is an interesting use case. This does certainly look like an ideal use case for the http event collector on the heavy forwarder, here are a few reasons why:

  • The heavy forwarder with http event collector is built for this sort of demand
  • Lightweight is relative, a solution needs to be available and resilient and scalable.
  • Depending on how your network topology is segmented, you'll want a heavy forwarder with an http event collector (not an indexer) as close to the edge as possible: http://dev.splunk.com/view/event-collector/SP-CAAAE73 . see Scenario 2 & 3. You didn't mention if this was for internet facing http calls, but I'm assuming they are.
  • Reusability, should similar use cases arise in the future, you now have a solution that can be shared with other application needs.

Cheers

View solution in original post

Reply
Solved! Jump to solution
Solution

murbanek_splunk
Splunk Employee
Splunk Employee
‎12-01-2017 10:12 AM

This is an interesting use case. This does certainly look like an ideal use case for the http event collector on the heavy forwarder, here are a few reasons why:

  • The heavy forwarder with http event collector is built for this sort of demand
  • Lightweight is relative, a solution needs to be available and resilient and scalable.
  • Depending on how your network topology is segmented, you'll want a heavy forwarder with an http event collector (not an indexer) as close to the edge as possible: http://dev.splunk.com/view/event-collector/SP-CAAAE73 . see Scenario 2 & 3. You didn't mention if this was for internet facing http calls, but I'm assuming they are.
  • Reusability, should similar use cases arise in the future, you now have a solution that can be shared with other application needs.

Cheers

Reply
Solved! Jump to solution

jamesoconnell
Path Finder
‎12-01-2017 10:29 AM

Thanks for the quick response Michael.

I'll work with our partner to get them started on using our existing HTTP Event Collectors.
cheers,
-Jim O.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...