Splunk Cloud Platform
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Extract information from an index by consuming the Rest API

JoseLuisZM
Observer
‎01-14-2025 10:15 AM

Hi team

Is there a way to connect the splunk cloud platform with splunk on-prem, this to send a specific index to splunk on-prem?

Since the client does not allow modifications to the universal forwarder agents.

 

Regards

Labels (3)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎01-14-2025 11:51 AM

You can use the API to perform normal searches. Theoretically, you could retrieve indexed events and reingest them on the receiving side. But that is far far from convenient and can cause loads of problems.

0 Karma
Reply

JoseLuisZM
Observer
‎01-14-2025 11:11 AM

And if the client does not accept any type of configuration, is it possible to extract the information or events using Splunk's APIs?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-14-2025 11:16 AM

I cannot see an option how this can do without any configuration on onprem side.

Usually clients approve some configuration changes if they really want this and when those options have explained to them.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-14-2025 11:07 AM

If needed you could add suitable props.conf + transforms.conf on indexers or if you have intermediate HF before on prem indexers to do this. I said that better to have separate HFs before indexers and if possible use those only with those UFs which contains data for this index.

Currently you could also use federated search to search those events on SCP even those are stored in on prem. 
Based on your use case you could chose between those options.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...