Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Elastic to Splunk Migration--how to ?

teluchi78
Engager
‎06-08-2019 03:07 AM

We have recently started a migration project from Elastic (ELK) to Splunk where we are trying to move away a bit from elk.The problem is that we don't want to move data into the Splunk because some sources don't work well with Splunk and some sources are just too expensive to index; how can we solve that problem ? any way to connect elastic and Splunk and have a sort of a hybrid solution ?
-Bel

Reply

jason96
New Member
‎12-17-2019 08:22 AM

스플렁크에서 elk 데이터를 조회하도록 만든 제품이 있는데
여긴 한국이라,,,

0 Karma
Reply

DavidHourani
Super Champion
‎06-16-2019 06:16 AM

Hi @teluchi78,

Currently, there are some scripts and connectors that can achieve this, but you almost certainly will run into some unsupported features at some point.

Here's an example of a connectors you can use which is available on splunk base:
https://splunkbase.splunk.com/app/4175/

You can also build your own Splunk advanced search command like here :
https://devpost.com/software/splunk-elasticsearch

In either way you won't have full flexibility to manipulate the data in ELK using Splunk. I think the best way to make such a connection would be to leverage a data virtualization solution such as Gemini Data. It will run on top of Splunk and allow you to link your Splunk to any of your data silos. Let me know if you need more details about that, happy to tell you how it helps make data connections to Splunk easier.

Cheers,
David

0 Karma
Reply

mydog8it
Builder
‎06-09-2019 09:15 PM

There is a GitHub project out there to search ELK from Splunk...
https://github.com/hvandenb/splunk-elasticsearch

Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎06-08-2019 11:44 PM

@teluchi78 - The hybrid solution is difficult to design but I think you can ingest your new data into Splunk and use it from there and for old data, you continue to use ELK (anyway ELK is free).

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...