I would like to send data (output) from Splunk to an external server/cloud/DB. Please suggest the best way.
It is around 10-15k records every day, and I would like to use that data in another analytics tool, e.g. Power BI.
I'll assume that you want to "export" some sets of data in a batch mode.
You have several options.
First and most obvious is "don't do it, use Splunk" but that's probably not what you're after.
Second one is a pull-mode solution - your external system calls Splunk using the API, runs a search, retrieves results.
Third one is relatively simple on Splunk's side, more complicated on the receiving side - you schedule a report in Splunk which sends the results to a mail recipient. Then you have to extract the results from the mail on the receiving end. A bit fussy.
Fourthly, you might look for an app containing an appropriate custom alert action so you can save/send the results to your external solution. Of course the results might vary - there might already be such an app, but there might not be.
And lastly, you can write your own custom alert action. But it involves a bit of development.
I'd strongly suggest checking if what you want with the data can be achieved in Splunk alone.
@PickleRick Thanks for your response. We are mostly using Splunk only; however, for this requirement we should send some of the data to another target on a daily schedule. For the second option, using the API, can you please provide more details?
Splunk provides a relatively rich REST API. https://docs.splunk.com/Documentation/Splunk/8.2.3/RESTREF/RESTprolog
You'll probably be interested mostly in https://docs.splunk.com/Documentation/Splunk/8.2.3/RESTTUT/RESTsearches
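The pull-mode option from this thread, as an added example that is not code from any poster or from Splunk: the external system builds a request to the REST search export endpoint with a bearer token, parses the streamed results and writes a CSV for the BI tool. The host name, token, search string and field names are constructed placeholders, and the sample lines are constructed in the line-delimited JSON shape the export endpoint returns with `output_mode=json`.

```python
import csv, io, json, ssl
import urllib.parse, urllib.request

def build_export_request(base_url, token, spl, earliest="-1d@d", latest="@d"):
    """Build (without sending) the POST for /services/search/jobs/export."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a token over a non-TLS URL")
    if not spl.lstrip().startswith(("search ", "|")):
        spl = "search " + spl  # REST searches need the leading command
    body = urllib.parse.urlencode({
        "search": spl, "output_mode": "json",
        "earliest_time": earliest, "latest_time": latest}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/services/search/jobs/export",
        data=body, method="POST",
        headers={"Authorization": "Bearer " + token})

def parse_export_stream(lines):
    """Yield final result rows; skip blank lines and preview rows."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("preview") or "result" not in event:
            continue
        yield event["result"]

def rows_to_csv(rows, fields):
    """Keep only an explicit list of fields in the file handed to the BI tool."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fields)
    writer.writeheader()
    for row in rows:
        writer.writerow({f: row.get(f, "") for f in fields})
    return out.getvalue()

def fetch_rows(request, cafile=None):
    """Send the request with certificate verification on (cafile: internal CA)."""
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(request, context=ctx, timeout=120) as resp:
        yield from parse_export_stream(raw.decode("utf-8") for raw in resp)

# Constructed sample of the streamed response (not real data).
SAMPLE_STREAM = [
    '{"preview":true,"offset":0,"result":{"host":"web01","status":"500","count":"7"}}',
    '{"preview":false,"offset":0,"result":{"host":"web01","status":"500","count":"12"}}',
    '{"preview":false,"offset":1,"lastrow":true,"result":{"host":"web02","status":"500","count":"3"}}',
]
```

Issue the token to a dedicated account whose role can search only the indexes being exported, and keep it out of the script itself (environment variable or secret store).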
Yes, you could try sending these logs to an S3 bucket. There is an out-of-the-box feature in Splunk Cloud, or else you could install the Splunk Add-on for AWS and configure it to point to an S3 bucket.