Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to index data from a local process

MatMeredith
Path Finder
‎04-10-2014 05:06 AM

I'm using a Splunk forwarder to forward data from an application running on the same Linux box as my forwarder.

Obviously I could have my process write out all the data to disk, and have Splunk monitor these files for new data. However, the disk is already heavily loaded on this box, and this doesn't seem terribly efficient.

Is there a better solution?

Tags (2)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎04-10-2014 05:24 AM

Going through files often is the best solution, but there are alternatives. You could have the application write syslog entries ovto the network and have Splunk receive them, or you could let the application enter data into Splunk directly through its REST API. What's best for your case depends on your case.

Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...