Hi,
Could you tell me, do you have a sort of "list of supported data sources"?
Actually, I want to know the complete list of connectors to data source types supported in Splunk Enterprise.
Thanks!
With Splunk there is no such thing as a "list of supported data sources" as:
- we take any ASCII data
- we have schema on the fly, where data knowledge happens at search time and can be modified/created at any time. http://docs.splunk.com/Documentation/Splunk/6.1.4/Knowledge/WhatisSplunkknowledge
- we have nearly 600 apps providing data knowledge, reports and dashboards. https://apps.splunk.com
MarioM is being much too restrictive: Splunk can consume any text data, not just ASCII. UTF-8 is well-supported, for instance. See [https://answers.splunk.com/answers/137342/splunk-cannot-index-and-search-charset-utf-8-without-bom.h... this answer] where it is mentioned one can add CHARSET to the props.conf of any source input.
As I understand it, it supports:
1. Files\Directories monitoring (remote and local)
2. Windows Event Log collection (local via event log channels and remote via WMI)
3. Windows Performance Monitoring (local via PDH API and remote via WMI)
4. AD changes monitoring
5. Local Windows Registry changes
6. SNMP traps.
7. Data collection from UDP and TCP ports
8. Data collection from FIFO
9. Scripted Inputs (remote and local)
Sorry if I made a mistake.
If you are doing a competitive analysis, I would recommend you contact the Splunk Sales Engineering team, as they will have plenty of info to share with you.
Thanks for the information Ayn.
Let me change my question.
What kinds of collection mechanisms does Splunk Enterprise support out of the box (without installing apps)?
As I understood from this documentation:
1. Splunk doesn't support netflow (or other protocols)?
2. Splunk doesn't support ODBC or JDBC?
3. Splunk doesn't support SSH/Telnet?
Is this right?
Splunk supports scripted inputs, which means you're totally free to implement whatever input type you like. There's an app for netflow, so it supports netflow. There's an app for grabbing database input and there's an ODBC driver that you can use, so it supports that. I don't know how you would expect to index anything using telnet.
OK, in this case,
could you tell me, do you have a list of available collection mechanisms?
Sort of:
Remote collection:
* ODBC
* SSH/Telnet
* ...
Local collection:
* Windows files
* Linux files
* ...
Passive collection:
* SNMP
* SysLog
* NetFlow
* ...
As an addition:
There is a full list of known/pretrained sourcetypes available in the docs: http://docs.splunk.com/Documentation/Splunk/6.1.4/Data/Listofpretrainedsourcetypes
In other words, I want to know, what kind of data and from what kind of sources (I mean OS (Windows, Linux,...), Network Devices (Cisco, Juniper, ...) ...) can be received by a Splunk Indexer?
Any kind, as long as it is ASCII and you have a mechanism to collect it: http://docs.splunk.com/Documentation/Splunk/6.1.4/Data/WhatSplunkcanmonitor
So, can Splunk take any type of data from any type of source (Juniper, Cisco, RADIUS, ...)?