I needed to pull asset data from SharePoint to Splunk as a lookup table to feed into Splunk Enterprise Security. I looked at the Splunk add-on for SharePoint, but it's more for the integration of the SharePoint server. Any ideas on how to accomplish this?
Use Sharepoint's REST API to dump list data as XML and then index
https://mySPsite.com/sites/mySProot/_api/web/lists/getbytitle('MyListName')/Items
Then ingest into splunk and index
https://answers.splunk.com/answers/187195/how-to-add-and-parse-xml-data-in-splunk.html
If you have items in lists in Sharepoint and would like to use them in Splunk and don't want the extra features of the Sharepoint app, I'd recommend using the Splunk DB Connect 2 app and build direct SQL queries to pull the information you'd like to have available. You can see the user documentation for more information.
Thanks for the suggestion but we are not able to connect to SQL server in our environment.