Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Is there an API to write data directly into Splunk

lspiro
New Member
‎11-03-2011 04:44 PM

My question was also asked in
http://splunk-base.splunk.com/answers/10113/using-custom-code-to-push-log-data-directly-to-splunk-ov...

Where the consensus was to avoid doing this (trying to write directly into Splunk over a TCP socket) and use syslog appender or other stuff.

However the data we want to log is on a multicast network and we want to produce a gateway that will take it off that network and log it to spunk, so rather than writing a file (and worrying about file permissions) we would rather just write to a socket.

So if we want to do this is there a spec for or a (Java) API or the protocol to use (including the failover/load balancing stuff) to send data directly into Splunk.

Les

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

psanford_splunk
Splunk Employee
Splunk Employee
‎11-08-2011 09:57 AM

Les - Noticed that you mentioned Java as well. We are currently granting pre-release access to our Java SDK on GitHub, which I can give you as well. Just send me an email to: psanford@splunk.com and give me your GitHub ID.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

psanford_splunk
Splunk Employee
Splunk Employee
‎11-08-2011 09:57 AM

Les - Noticed that you mentioned Java as well. We are currently granting pre-release access to our Java SDK on GitHub, which I can give you as well. Just send me an email to: psanford@splunk.com and give me your GitHub ID.

0 Karma
Reply
Solved! Jump to solution

lspiro
New Member
‎11-04-2011 01:42 AM

That sounds like exactly what we want.

We're new to Splunk - I will find that part of TFM and Read it.

Thanks

Les

0 Karma
Reply
Solved! Jump to solution

Damien_Dallimor
Ultra Champion
‎11-03-2011 07:23 PM

Why don't you just install a dedicated Universal Forwarder on your gateway that has a raw TCP input and forwards on to your indexer(s) ?

As far as I am aware, the Splunk forwarding protocol is not released as a standalone API in any language.

As far as an alternative API for inputing data , there is a REST endpoint, but you won't get the features of the UF unless you code something yourself(load balancing, throughput throttling, queuing etc..)

REST API

Scroll down to the "Adding Data" section.

You could code the REST calls yourself, or even better, use the Python SDK :

Splunk SDKs

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...