How do you use Splunk to search within document te...

roseneric4 · ‎10-10-2018

Is it possible to use Splunk as search engine that uses a wiki server and SharePoint as its data sources? It must search within document text for example the contents of the files in a SharePoint document library.

The idea is to create a dashboard with a nice simple search interface that brings back the "articles" highlighting the key term and filtering down based on certain functional or application name etc.

sduff_splunk · ‎10-10-2018

Splunk does not have a web-crawler component, you would need to fetch all the documents from SharePoint through some means.

Unfortunately, the Splunk Add-on for Microsoft Office 365 only fetches the audit logs for SharePoint, not the actual data. There may be some way to use the Splunk Add-on for Microsoft Cloud Services to fetch the data from Azure Storage Tables, but I am not 100% certain if SharePoint data is accessible via that means.

It seems like the 'official' way is to use one of the methods described at https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/sharepoint-net-server-csom-jsom-and-rest-... to fetch the data, most likely the REST API. You would need to write a script to do the following:

Get a list of all documents, via http://server/site/_api/lists
For each list, get all that lists items, via http://server/site/_api/lists/getbytitle('listname')/items
Process each of those items and the metadata, and index that in Splunk.

This page probably describes the details of what you'll need to develop.
https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/get-to-know-the-sharepoint-rest-service

How do you use Splunk to search within document text of wiki server and SharePoint data sources?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies