Rest API to get all events

Eshwar · ‎02-13-2024

Hello Splunk experts,

I would like to know is there an API which can access all events which are generating in Splunk irrespective of search? Please suggest!

Thank you in advance.

Regards,

Eshwar

richgalloway · ‎02-14-2024

The only way to retrieve events from Splunk is via a search.

---
If this reply helps you, Karma would be appreciated.

Eshwar · ‎02-14-2024

Hi @richgalloway ,

I got it but thing here is I want to get those events which are retrieving via search through REST API because we are integrating Splunk with other tool to forward all the events. So, we are looking for an API which provides all events.

Regards,

Eshwar

richgalloway · ‎02-14-2024

There is no API that will provide every event Splunk receives. Splunk does not want to make it easy to transition to a different product. To use the API, you'll have to run a search (perhaps a real-time search) and collect the events from the search results.

Depending on the other tool, you may be able to use Ingest Actions to fork the data to S3 where the other tool may be able to pick them up.

---
If this reply helps you, Karma would be appreciated.

Rest API to get all events

administration

development

using Splunk Enterprise

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation