Splunk Cloud Platform
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Send data from Splunk cloud to external server/Cloud/DB

smanojkumar
Contributor
‎12-02-2021 07:37 AM

I would like to send data (Output) from Splunk to external server/Cloud/DB, Please suggest me the best way.

Everyday around 10-15k records, I would like to utilize that data in other Analytics tool for ex: Power BI

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎12-05-2021 12:57 AM

I'll assume that you want to "export" some sets of data in a batch mode.

You have several options.

First and most obvious is "don't do it, use Splunk" but that's probably not what you're after.

Second one is a pull-mode solution - your external system calls Splunk using API, runs a search, retrieves results.

Third one is relatively simple on Splunk's side, more complicated on receiving side - you schedule a repory in Splunk which sends the results to a mail recipient. Then you have to extract the results from the mail on the receiving end. A bit fussy.

Fourthly, you might look for an app containing appropriate custom alert action so you can save/send the results to your external solution. Of course the results might vary - there might already be such app but there might be not.

And lastly, you can write your own custom alert action. But it involves a bit of development.

I'd strongly suggest checking if what you want with the data can be achieved in Splunk alone.

0 Karma
Reply

smanojkumar
Contributor
‎12-05-2021 08:52 PM

@PickleRick Thanks for your response, We are mostly utilizing Splunk only however this requirement we should send some of the data to other target everyday schedule. Second option using API can you please provide more details

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎12-05-2021 09:03 PM

Splunk provides a relatively rich REST API. https://docs.splunk.com/Documentation/Splunk/8.2.3/RESTREF/RESTprolog

You'll probably be interested mostly in https://docs.splunk.com/Documentation/Splunk/8.2.3/RESTTUT/RESTsearches

0 Karma
Reply

Roy_9
Motivator
‎12-04-2021 11:14 PM

Yes you could try sending these logs into S3 bucket, there is an out of the box feature in Splunk cloud or else you could install splunk add-on for aws too and configure it to point to an S3 bucket.

0 Karma
Reply

smanojkumar
Contributor
‎12-05-2021 08:53 PM

@Roy_9 Thanks for the response, We will check this option if possible provide more details and we are using Microsoft Azure.

0 Karma
Reply

Roy_9
Motivator
‎12-06-2021 06:01 PM

https://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Configureazurestorageaccount

 

This might help you

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...
Top