Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there an API to write data directly into Splunk

lspiro
New Member
‎11-03-2011 04:44 PM

My question was also asked in
http://splunk-base.splunk.com/answers/10113/using-custom-code-to-push-log-data-directly-to-splunk-ov...

Where the consensus was to avoid doing this (trying to write directly into Splunk over a TCP socket) and use syslog appender or other stuff.

However the data we want to log is on a multicast network and we want to produce a gateway that will take it off that network and log it to spunk, so rather than writing a file (and worrying about file permissions) we would rather just write to a socket.

So if we want to do this is there a spec for or a (Java) API or the protocol to use (including the failover/load balancing stuff) to send data directly into Splunk.

Les

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

psanford_splunk
Splunk Employee
Splunk Employee
‎11-08-2011 09:57 AM

Les - Noticed that you mentioned Java as well. We are currently granting pre-release access to our Java SDK on GitHub, which I can give you as well. Just send me an email to: psanford@splunk.com and give me your GitHub ID.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

psanford_splunk
Splunk Employee
Splunk Employee
‎11-08-2011 09:57 AM

Les - Noticed that you mentioned Java as well. We are currently granting pre-release access to our Java SDK on GitHub, which I can give you as well. Just send me an email to: psanford@splunk.com and give me your GitHub ID.

0 Karma
Reply
Solved! Jump to solution

lspiro
New Member
‎11-04-2011 01:42 AM

That sounds like exactly what we want.

We're new to Splunk - I will find that part of TFM and Read it.

Thanks

Les

0 Karma
Reply
Solved! Jump to solution

Damien_Dallimor
Ultra Champion
‎11-03-2011 07:23 PM

Why don't you just install a dedicated Universal Forwarder on your gateway that has a raw TCP input and forwards on to your indexer(s) ?

As far as I am aware, the Splunk forwarding protocol is not released as a standalone API in any language.

As far as an alternative API for inputing data , there is a REST endpoint, but you won't get the features of the UF unless you code something yourself(load balancing, throughput throttling, queuing etc..)

REST API

Scroll down to the "Adding Data" section.

You could code the REST calls yourself, or even better, use the Python SDK :

Splunk SDKs

Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...