×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
noamm91
Explorer
Member since: ‎01-01-2024
‎02-13-2025
Community Statistics
Posts 4
Solutions 0
Karma Given 5
Karma Received 0
Member Since ‎01-01-2024
Activity Feed
Topics I've Started
View All

Re: Http Event Collector vs Add-on

by in Getting Data In
‎01-01-2024 10:19 AM
‎01-01-2024 10:19 AM
Got it. Thanks. My application has an API. If the add-on can send HTTP requests to my API in order to fetch events and then index them in Splunk then it sounds like exactly what I need. I'll start writing the add-on then. Thank you for being so responsive and informative. ... View more

Re: Http Event Collector vs Add-on

by in Getting Data In
‎01-01-2024 08:42 AM
‎01-01-2024 08:42 AM
Thanks. Regarding the 1st answer - understood. Regarding the 2nd answer - I'm not sure understand (because I didn't explain well) the setup. My system is a SaaS application that is running somewhere in a public cloud, it doesn't know Splunk, so I don't see how writing to stdout or rotating log files is relevant here. The link you sent for the developer tools API doesn't seem relevant either.  The add-on, if I understand correctly, is a piece of code that runs in the customer's Splunk deployment (either enterprise or in their Splunk cloud) and should somehow interact with my SaaS security product in order to get events from it, right? My question is - how does the add-on interact with my SaaS system that isn't where the Splunk /add-on is running?  I can open an additional question it just seems related to my first question which is about the difference between add-on and HEC and I still haven't figured out how the add-on actually works (getting events from an external system that runs elsewhere). ... View more

Re: Http Event Collector vs Add-on

by in Getting Data In
‎01-01-2024 08:17 AM
‎01-01-2024 08:17 AM
Thank you for replying. OK, so sounds like asking customers to enable HEC, create a token, and give it to me so that my product can send events to their Splunk isn't a good practice. Writing an add-on does make sense to me, considering what you wrote, I believe that this is the way to go. Followup questions: 1. Can you describe the process of creating an add-on and publish to the Splunkbase (?) so that my customers can install(?) it? 2. What's the actual logic that this add-on should have? i.e. how would the add-on installed at the customers' Splunk (either cloud or enterprise deployment) be used to deliver events? ... View more

Http Event Collector vs Add-on

by in Getting Data In
‎01-01-2024 03:17 AM
‎01-01-2024 03:17 AM
Some of my customers are using Splunk as their SIEM solution. I have a security platform that needs to integrate into their Splunk to send security events (probably syslog) into a certain index (might be an existing or brand new one). I already made a PoC using HEC and successfully managed to deliver my syslog events into an index in my test Splunk account (using Splunk Cloud Platform). The setup process that my customers will have to do for the integration using HEC is to create a new data input, create a token, and eventually deliver it to me (alongside their Splunk hostname). Now I'm wondering if this process can somehow be simplified using an app/add-on. Not sure exactly what is functionality using an add-on gives and if I can somehow leverage it in order to simplify the integration onboarding process between my security product and my customers. Is there anything else I should consider? Would love to know, I'm completely new to Splunk. Also, case it matters, most of my customers, are using Splunk Cloud Platform but in the future there might be customers that will have Splunk Enterprise, case it matters. Thanks   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-13-2025 07:12 AM
Karma given to
View All