Get Data into Splunk from Elasticsearch

robertlynch2020
Motivator

Hi

What is the best way to get data into Splunk from Elasticsearch, so I can put Datamodels on to it?

Thanks
Robert Lynch

DavidHourani
Super Champion
0 Karma

larmesto
Path Finder

This might be helpful for anyone visiting; I have started working on an addon for Elasticsearch instances, feel free to use it!
https://splunkbase.splunk.com/app/4175/

highsplunker
Contributor

Hi larmesto!

Is this solution a reliable instrument for data input?
Like splunk dbconnect, for example.

Thanks in advance.
Rashid

0 Karma

hcannon
Path Finder

I have used this and it works really well so far in Splunk 7.1:
https://github.com/brunotm/elasticsplunk

It adds a new command ess that allows you to specify one or more nodes to search against. It provides results back using the statistics model (sorta like using db connect to query a db directly).

0 Karma

consultanteIman
New Member

hello,

From what I have made:
I query elasticsearch via python scripts, then I route the results to the Python script.
And I deposit the script.py on the bin of my application. And there you can call it easily.

Kind regards
Imane El Mostaad,

0 Karma

highsplunker
Contributor

Hi Imane El Mostaad,
Is this method OK and reliable?

thanks in advance,
Rashid

0 Karma

highsplunker
Contributor

Hi p_gurav!
Could you please share your experience, are these 2 solutions reliable as an instrument for data input?
Like splunk dbconnect, for example.

Thanks in advance.
Rashid

0 Karma