Splunk Cloud Platform

Send data from Splunk cloud to external server/Cloud/DB

smanojkumar
Communicator

I would like to send data (output) from Splunk to an external server/cloud/DB. Please suggest the best way.

Every day there are around 10-15k records. I would like to use that data in another analytics tool, for example Power BI.

0 Karma

PickleRick
SplunkTrust

I'll assume that you want to "export" some sets of data in a batch mode.

You have several options.

First and most obvious is "don't do it, use Splunk" but that's probably not what you're after.

Second one is a pull-mode solution - your external system calls Splunk using API, runs a search, retrieves results.

Third one is relatively simple on Splunk's side, more complicated on the receiving side - you schedule a report in Splunk which sends the results to a mail recipient. Then you have to extract the results from the mail on the receiving end. A bit fussy.

Fourthly, you might look for an app containing an appropriate custom alert action so you can save/send the results to your external solution. Of course the results might vary - there might already be such an app, but there might not be.

And lastly, you can write your own custom alert action. But it involves a bit of development.

I'd strongly suggest checking if what you want with the data can be achieved in Splunk alone.

0 Karma
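The pull-mode option from the answer above, as an added example that is not part of the original thread: an external job posts a search to Splunk's REST export endpoint and saves the final rows as CSV for the analytics tool. It assumes the management API is reachable from the caller and that an authentication token has been issued to a role limited to the indexes being exported.

```python
import csv
import io
import json
import ssl
import urllib.parse
import urllib.request

EXPORT_PATH = "/services/search/jobs/export"  # streaming search endpoint


def build_request(base_url, token, spl, earliest="-24h@h", latest="now"):
    """POST request for the streaming export endpoint, authenticated with a token."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a token over a non-TLS URL")
    if not spl.lstrip().startswith(("search ", "|")):
        spl = "search " + spl  # the endpoint expects an explicit leading command
    body = urllib.parse.urlencode({"search": spl, "earliest_time": earliest,
                                   "latest_time": latest, "output_mode": "json"})
    req = urllib.request.Request(base_url.rstrip("/") + EXPORT_PATH,
                                 data=body.encode(), method="POST")
    req.add_header("Authorization", "Bearer " + token)
    return req


def parse_export(lines):
    """Yield final rows from the newline-delimited JSON that the endpoint streams."""
    for raw in lines:
        line = raw.decode() if isinstance(raw, bytes) else raw
        if line.strip():
            event = json.loads(line)
            if not event.get("preview") and "result" in event:
                yield event["result"]  # previews and status-only lines are skipped


def rows_to_csv(rows, fields):
    """Render rows as CSV with a fixed column order; other fields are dropped."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fields, extrasaction="ignore", lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


def export(base_url, token, spl, fields):
    """Run the search with certificate verification on and return CSV text."""
    ctx = ssl.create_default_context()
    req = build_request(base_url, token, spl)
    with urllib.request.urlopen(req, context=ctx, timeout=300) as resp:
        return rows_to_csv(parse_export(resp), fields)
```

A daily scheduled job on the receiving side can call `export(...)` with the token read from a secret store or environment variable rather than from the script, then write the returned text to the location Power BI reads from.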

smanojkumar
Communicator

@PickleRick Thanks for your response. We are mostly utilizing Splunk only; however, for this requirement we should send some of the data to another target on an everyday schedule. For the second option using the API, can you please provide more details?

0 Karma


Roy_9
Motivator

Yes, you could try sending these logs into an S3 bucket. There is an out-of-the-box feature in Splunk Cloud, or else you could install the Splunk Add-on for AWS too and configure it to point to an S3 bucket.

0 Karma

smanojkumar
Communicator

@Roy_9 Thanks for the response. We will check this option. If possible, please provide more details; we are using Microsoft Azure.

0 Karma
