Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there an API to write data directly into Splunk

lspiro
New Member
‎11-03-2011 04:44 PM

My question was also asked in
http://splunk-base.splunk.com/answers/10113/using-custom-code-to-push-log-data-directly-to-splunk-ov...

Where the consensus was to avoid doing this (trying to write directly into Splunk over a TCP socket) and use syslog appender or other stuff.

However the data we want to log is on a multicast network and we want to produce a gateway that will take it off that network and log it to spunk, so rather than writing a file (and worrying about file permissions) we would rather just write to a socket.

So if we want to do this is there a spec for or a (Java) API or the protocol to use (including the failover/load balancing stuff) to send data directly into Splunk.

Les

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

psanford_splunk
Splunk Employee
Splunk Employee
‎11-08-2011 09:57 AM

Les - Noticed that you mentioned Java as well. We are currently granting pre-release access to our Java SDK on GitHub, which I can give you as well. Just send me an email to: psanford@splunk.com and give me your GitHub ID.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

psanford_splunk
Splunk Employee
Splunk Employee
‎11-08-2011 09:57 AM

Les - Noticed that you mentioned Java as well. We are currently granting pre-release access to our Java SDK on GitHub, which I can give you as well. Just send me an email to: psanford@splunk.com and give me your GitHub ID.

0 Karma
Reply
Solved! Jump to solution

lspiro
New Member
‎11-04-2011 01:42 AM

That sounds like exactly what we want.

We're new to Splunk - I will find that part of TFM and Read it.

Thanks

Les

0 Karma
Reply
Solved! Jump to solution

Damien_Dallimor
Ultra Champion
‎11-03-2011 07:23 PM

Why don't you just install a dedicated Universal Forwarder on your gateway that has a raw TCP input and forwards on to your indexer(s) ?

As far as I am aware, the Splunk forwarding protocol is not released as a standalone API in any language.

As far as an alternative API for inputing data , there is a REST endpoint, but you won't get the features of the UF unless you code something yourself(load balancing, throughput throttling, queuing etc..)

REST API

Scroll down to the "Adding Data" section.

You could code the REST calls yourself, or even better, use the Python SDK :

Splunk SDKs

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...