We have a partner who wants an extremely light interface to send data into a Splunk instance.
They prefer to make a simple REST call directly from the browser to load a JSON payload into Splunk.
The goal is to NOT have a heavy server-side process, but rather a lightweight REST interface directly to Splunk.
The data would be keyed on the user working in the browser at the time of the call out.
The data would be accessed in a Splunk dashboard/report keying on the user and his/her data.
I saw a recommendation from another post regarding HTTP Event Collector for this purpose. On first thought this seems feasible, but I am interested in knowing the pluses and minuses of both solutions.
This is an interesting use case. This does certainly look like an ideal use case for the http event collector on the heavy forwarder, here are a few reasons why:
Thanks for the quick response Michael.
I'll work with our partner to get them started on using our existing HTTP Event Collectors.