Splunk Cloud Platform
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can i send somes logs from splunkcloud to graylog instances ?

ebuitweb
Explorer
‎06-12-2020 01:29 AM

Hi,

To centralize a part of our logs with another team, we need to push the result of a splunk query to a graylog instances.  i didn't find a splunk app or splunk feature to do it.

do you have an idea ?

thanks

Labels (2)
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎06-12-2020 01:41 AM

You could look to create a custom alert action and use this to send data out Splunk.

https://docs.splunk.com/Documentation/Splunk/8.0.4/AdvancedDev/ModAlertsBasicExample

As you're on SplunkCloud you'll need to make sure that the endpoint you're sending to is SSL to pass the vetting.

Alternatively you could look at sending to Graylog's GELF via HTTP from the DBData/REST Lookup app. I think it can be configured to send a payload (e.g. the output of your search) - although I wouldnt suggest this if you have more than a handful of lines to send, but may inspire other options! https://splunkbase.splunk.com/app/4253/

 

0 Karma
Reply

ebuitweb
Explorer
‎06-12-2020 05:24 AM

hi livehybrid,

thanks for your help, so the best solution is to create a custom alert to send data to graylog. how to be sure that all event (search result) are sent to the graylog . For example if we have a connection issues, is there a retry mechanism ? 

thanks 

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to Officially Supported Splunk ...