Getting Data In

Where can I find a complete list of data source types that can be indexed in Splunk?

kartvasilii
New Member

Hi,
Could you tell me, do you have sort of "list of supported data sources"?
Actually, I want to know complete list of connectors to data source types supported in Splunk Enterprise.
Thanks!

Tags (3)
0 Karma
1 Solution

MarioM
Motivator

With Splunk there is no such thing as "list of supported data sources" as:
- we take any ascii data
- we have schema on the fly where data knowledge happened at search time and can be modified/created at anytime.http://docs.splunk.com/Documentation/Splunk/6.1.4/Knowledge/WhatisSplunkknowledge
- we have nearly 600 apps providing data knowledge,reports and dashboards. https://apps.splunk.com

View solution in original post

MarioM
Motivator

With Splunk there is no such thing as "list of supported data sources" as:
- we take any ascii data
- we have schema on the fly where data knowledge happened at search time and can be modified/created at anytime.http://docs.splunk.com/Documentation/Splunk/6.1.4/Knowledge/WhatisSplunkknowledge
- we have nearly 600 apps providing data knowledge,reports and dashboards. https://apps.splunk.com

DUThibault
Contributor

MarioM is being much too restrictive: Splunk can consume any text data, not just ASCII. UTF-8 is well-supported, for instance. See [https://answers.splunk.com/answers/137342/splunk-cannot-index-and-search-charset-utf-8-without-bom.h... this answer] where it is mentioned one can add CHARSET to the props.conf of any source input.

0 Karma

kartvasilii
New Member

How I understood, it supports:
1. Files\Directories monitoring (remote and local)
2. Windows Event Log collection (local via event log channels and remote via WMI)
3. Windows Performance Monitoring (local via PHD API and remote via WMI)
4. AD changes monitoring
5. Local Windows Registry cahnges
6. SNMP traps.
7. Data collection from UDP and TCP ports
8. Collection data from FIFO
9. Scripted Inputs (remote and local)

Sorry, if I made a mistake

0 Karma

MarioM
Motivator

if you are doing a competitive analysis i would recommend you to contact splunk Sales Engineering team as they will have plenty of infos to share with you

kartvasilii
New Member

Thanks for the information Ayn.
Let me change my question.
What kind of collection mechanisms Splunk Enterprise supports from-the-box (without apps instalation)?

0 Karma

kartvasilii
New Member

How I understood from this documentation:
1. Splunk doesn't support netflow (or other protocols)?
2. Splunk doesn't suppor ODBC or JDBS?
3. Splunk doesn't support SSH/Telnet?

Is this right?

0 Karma

Ayn
Legend

Splunk supports scripted inputs which means you're totally free to implement whatever input type you like. There's an app for for netflow, so it supports netflow. There's an app for grabbing database input and there's an ODBC driver that you can use, so it supports that. I don't know how you would expect to index anything using telnet.

kartvasilii
New Member

Ok, In this case
Could you tell me, do you have a list of available collection mechanism?
Sort of:
Remote collection:
* ODBS
* SSH/Telnet
* ...
Local collection:
* Windows files
* Linux files
* ...
Passive collection:
* SNMP
* SysLog
* NetFlow
* ...

0 Karma

MuS
SplunkTrust
SplunkTrust

as addition:

There is a full list of known/pretrained sourcetypes available on docs http://docs.splunk.com/Documentation/Splunk/6.1.4/Data/Listofpretrainedsourcetypes

kartvasilii
New Member

In other words, I want to know, what kind of data and from what kind of sources (I mean OS (Windows, Linux,...), Network Devices (Cisco, Juniper, ...) ...) can be received by a Splunk Indexer?

0 Karma

MarioM
Motivator

any kind from the moment it is ascii and you have a mechanism to collect it: http://docs.splunk.com/Documentation/Splunk/6.1.4/Data/WhatSplunkcanmonitor

kartvasilii
New Member

So, Can Splunk take any type of data from any type of sources (juniper, cisco, RADIUS, ...)?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...