My question was also asked in
http://splunk-base.splunk.com/answers/10113/using-custom-code-to-push-log-data-directly-to-splunk-ov...
Where the consensus was to avoid doing this (trying to write directly into Splunk over a TCP socket) and use syslog appender or other stuff.
However, the data we want to log is on a multicast network and we want to produce a gateway that will take it off that network and log it to Splunk, so rather than writing a file (and worrying about file permissions) we would rather just write to a socket.
So if we want to do this, is there a spec for, or a (Java) API for, the protocol to use (including the failover/load balancing stuff) to send data directly into Splunk?
Les
Les - Noticed that you mentioned Java as well. We are currently granting pre-release access to our Java SDK on GitHub, which I can give you as well. Just send me an email to: psanford@splunk.com and give me your GitHub ID.
That sounds like exactly what we want.
We're new to Splunk - I will find that part of TFM and read it.
Thanks
Les
Why don't you just install a dedicated Universal Forwarder on your gateway that has a raw TCP input and forwards on to your indexer(s)?
As far as I am aware, the Splunk forwarding protocol is not released as a standalone API in any language.
As far as an alternative API for inputting data, there is a REST endpoint, but you won't get the features of the UF unless you code something yourself (load balancing, throughput throttling, queuing, etc.).
Scroll down to the "Adding Data" section.
You could code the REST calls yourself, or even better, use the Python SDK:
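The Universal Forwarder suggestion above, seen from the gateway side, as an added example that is not part of the original thread or of any Splunk code: the gateway only writes newline-delimited events to a raw TCP input on a local forwarder, which keeps load balancing and failover in the forwarder. The multicast group, both ports, and the names `frame_event`, `ForwarderSink` and `run_gateway` are assumptions made for the example.

```python
import socket
import struct
from collections import deque

UF_ADDR = ("127.0.0.1", 5140)   # assumed: raw TCP input on the local forwarder
MCAST = ("239.1.1.1", 5000)     # assumed: multicast group and port to read

def frame_event(datagram: bytes) -> bytes:
    """One datagram -> one newline-terminated event. Embedded line breaks are
    escaped so a payload cannot split itself into several forged events."""
    body = datagram.rstrip(b"\r\n")
    body = body.replace(b"\r", b"\\r").replace(b"\n", b"\\n")
    return body + b"\n"

class ForwarderSink:
    """TCP writer with a bounded buffer for when the forwarder is unreachable."""
    def __init__(self, addr, max_buffered=10000):
        self.addr, self.sock = addr, None
        self.pending = deque(maxlen=max_buffered)  # oldest events drop first

    def send(self, event: bytes) -> int:
        """Queue the event and try to flush; returns how many stay buffered."""
        self.pending.append(event)
        try:
            if self.sock is None:
                self.sock = socket.create_connection(self.addr, timeout=2)
            while self.pending:
                self.sock.sendall(self.pending[0])
                self.pending.popleft()   # dequeue only after a clean write
        except OSError:
            if self.sock is not None:
                self.sock.close()
            self.sock = None             # reconnect on the next send
        return len(self.pending)

def run_gateway(mcast=MCAST, sink=None):
    """Join the multicast group and relay each datagram as one event."""
    sink = sink or ForwarderSink(UF_ADDR)
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    rx.bind(("", mcast[1]))
    mreq = struct.pack("4s4s", socket.inet_aton(mcast[0]),
                       socket.inet_aton("0.0.0.0"))
    rx.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    while True:
        sink.send(frame_event(rx.recv(65535)))

if __name__ == "__main__":
    run_gateway()
```

A successful `sendall` only means the bytes reached the local TCP stack, so an event in flight when the forwarder drops can still be lost; the buffer covers the period while the connection is down, not end-to-end delivery.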