Elastic to Splunk Migration -- how to?


We have recently started a migration project from Elastic (ELK) to Splunk, where we are trying to move away a bit from ELK. The problem is that we don't want to move data into Splunk because some sources don't work well with Splunk and some sources are just too expensive to index. How can we solve that problem? Is there any way to connect Elastic and Splunk and have a sort of hybrid solution?

Hi @teluchi78,

Currently, there are some scripts and connectors that can achieve this, but you almost certainly will run into some unsupported features at some point.

Here's an example of a connector you can use, which is available on Splunkbase:

You can also build your own Splunk advanced search command, like here:

Either way, you won't have full flexibility to manipulate the data in ELK using Splunk. I think the best way to make such a connection would be to leverage a data virtualization solution such as Gemini Data. It runs on top of Splunk and allows you to link your Splunk to any of your data silos. Let me know if you need more details about that; I'm happy to tell you how it helps make data connections to Splunk easier.
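As an added illustration of the "build your own search command" route mentioned above (example code, not from this thread, Splunkbase or any of the projects named), here is the offline core of such a command: it translates the Splunk search time range and a query string into an Elasticsearch query DSL body, and flattens the `_search` response into Splunk-style events. The index name, field names and the sample response are constructed; wiring the two helpers into a splunklib `GeneratingCommand` and the HTTP call to Elasticsearch are left out.

```python
"""Offline core of a Splunk generating command that reads from Elasticsearch.
Added example: assumes ES documents carry an '@timestamp' field; the index
name, fields and SAMPLE_ES_RESPONSE below are constructed for illustration."""
import json
from datetime import datetime


def build_es_query(index, query_string, earliest, latest, size=1000):
    """Return (request path, query DSL body) for an Elasticsearch _search.
    earliest/latest are epoch seconds, as Splunk passes its time range."""
    body = {
        "size": size,
        "sort": [{"@timestamp": {"order": "desc"}}],
        "query": {"bool": {"must": [
            {"query_string": {"query": query_string}},
            {"range": {"@timestamp": {
                "gte": int(earliest * 1000), "lte": int(latest * 1000),
                "format": "epoch_millis"}}},
        ]}},
    }
    return f"/{index}/_search", body


def hits_to_events(es_response):
    """Flatten an Elasticsearch _search reply into Splunk events:
    _time from @timestamp, _raw as the JSON source, scalar fields lifted."""
    events = []
    for hit in es_response.get("hits", {}).get("hits", []):
        src = hit.get("_source", {})
        event = {"_raw": json.dumps(src, sort_keys=True),
                 "es_index": hit.get("_index"), "es_id": hit.get("_id")}
        ts = src.get("@timestamp")
        if ts:  # ISO-8601 with 'Z'; fromisoformat wants '+00:00' on older Pythons
            event["_time"] = datetime.fromisoformat(
                ts.replace("Z", "+00:00")).timestamp()
        for key, value in src.items():
            if key != "@timestamp" and not isinstance(value, (dict, list)):
                event[key] = value  # nested objects stay inside _raw only
        events.append(event)
    return events


# Constructed sample shaped like an Elasticsearch _search reply.
SAMPLE_ES_RESPONSE = {"hits": {"total": {"value": 1}, "hits": [
    {"_index": "auth-logs", "_id": "1", "_source": {
        "@timestamp": "2024-03-01T12:00:00Z", "user": "alice",
        "action": "login", "result": "failure", "src_ip": "10.0.0.5"}}]}}

if __name__ == "__main__":
    print(build_es_query("auth-logs", "result:failure", 1709250000, 1709300000))
    print(hits_to_events(SAMPLE_ES_RESPONSE))
```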


There is a GitHub project out there to search ELK from Splunk...


@teluchi78 - The hybrid solution is difficult to design, but I think you can ingest your new data into Splunk and use it from there, and for old data you continue to use ELK (anyway, ELK is free).

