Hi
Looking for guidance related to integrating Splunk on-premise infrastructure with 3rd party SaaS providers. We have a SaaS provider who is exposing the data over a REST API, and what's the best way to consume it from a Splunk Enterprise version? Is there an officially supported Splunk add-on or modular support that allows us to enable this via some simple configuration rather than building something on our own?
Thanks for the reply; that answers my question.
There are many different REST APIs. A REST API specifies only how to access such an API; what it does is a completely different thing, so your question is a bit like "is there a general manual for software that I can just tweak a little". Well, no, there isn't. As @richgalloway said - there might already be a solution for your particular product, but then again there might not be. Also be wary that some third-party apps might be obsolete or of a highly sub-par quality.
An additional question, of course, is what you mean by "integration". Pulling events from an external service? Using that service as a dynamic lookup? Acting on that service as an alert action? Something else?
It's hard to know what the best way to integrate a product is without knowing what the product itself is. Check Splunkbase to see if there's an existing app/add-on to help integrate. Perhaps you can use the REST API Modular Input (https://splunkbase.splunk.com/app/1546). In the worst case, you may need to write your own modular input (it's not that difficult).
Thanks for your reply, @richgalloway. That third-party app you mentioned is exactly what I'm after, but we cannot use it since it's not officially supported by Splunk. So my original question was: are there any other similar apps like that supported by Splunk officially? I guess the answer is no, and the only way to achieve the same outcome is that we develop our own modular input?
The only place you'll find Splunk-supported apps is Splunkbase. If you're unwilling to use a third-party app then your only option is to create your own.
Thanks for the reply; that answers my question.
I don't think you can find such a generic app which would be Splunk supported. The good thing is you can try to take this third-party app and review its code before putting it to prod, or edit it to suit your needs (but beware of licensing! Not all apps are created equal).