All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Elastic Search Data Integrator - Using index patterns as indices ?

welo78
Explorer
‎10-24-2022 12:36 PM

Hello all, we have a problem that our Splunk's Elastic Search Integrator addon is using a forbidenn character inside it's Splunk index due to connecting to a "frontend" cluster. Let me explain.

The problem is that they have a “frontend” cluster which uses index patterns to search between clusters. This is also the cluster which’s endpoint is connected to our Elasticsearch Data Integrator app for Splunk. The “backend” cluster is the one containing our index.

So the infrastructe is like this:

Cluster Backend > Cluster Frontend > Splunk’s addon

Backend’s Cluster index: security-audit-XXX

Frontend’s cluster index pattern: *:security-audit-*

As it is stated in Elastic's documentation here, the use of colon (:) inside index is forbidden. However we are using it and index pattern. Does anybody have any suggestions how to tackle this ?

Labels (3)
0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...