Splunk Enterprise

How to decrease local security settings on my local Splunk instance to receive data from another application?

arajesh456
New Member

I installed Splunk 6.4.4 in my local host.
I am trying to use Splunk only for Data Push & Retrieval operation.

I have another application "X" (which generates data) and provided with Splunk extension with Service called "SendEvent", "Search".

When I try to use SendEvent service to push data to my local Splunk, it gives error as "Unable to invoke service".

"X" application uses SSL.

This means some local hosted Splunk security setting is blocking the request.

So could you please tell me how to decrease local security settings in order to receive data from another application?

0 Karma

dkoshe_splunk
Splunk Employee
Splunk Employee

Hello arajesh456,

Have you looked at HTTP Event Collector ?
Although the article talks about Splunk Enterprise, it works perfectly fine with Splunk Light as well.

Also, other ways of getting data from external applications are to setup a universal forwarder on the host where application is potentially writing logs (if that's the case), and having forwarder monitor the folder where log files are and forward it to Splunk Light instance. You can read information about it here.
-Dhananjay

0 Karma

ppablo
Retired

Hi @arajesh456

Did you mean to put Splunk "4.4"? What version are you referring to exactly?

0 Karma

msmith4
New Member

you may consider using something like fiddler or burp, if debugging local SSL connections can help you find the details of the issue and the exact error message.

0 Karma

arajesh456
New Member

How Splunk can be integrated with other application to store data & query data?
can Splunk instance be reachable through : Server Name, Port, authenticated Admin user name, password and provide method to push data? through Http / SSL.
and also if anyone can help here to provide the name of Method/Functionality to push data to Splunk instance from outside apps? is it "Add Data"?

Thanks.

0 Karma

arajesh456
New Member

Sorry... I am using Splunk 6.4.4

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...