Data inputs
Knowing all of the applications and methods we can use to get data into Splunk, let's talk about the types of data inputs from data sources, and how they get to the indexer. There are six general types of data inputs in Splunk:
- API inputs
- Database inputs
- Monitoring inputs
- Scripted inputs
- Modular inputs
- Windows inputs
API inputs
There are two ways to get REST API data into Splunk:
- Download the REST API modular input, and install it into your Heavy Forwarder
- Write a REST API poller using cURL or some other method to query the API, and scrub the output for the data you need
If at all possible, use the REST API modular input from Splunk, as it is very easy to set up and use. Just figure out your URL, then set up the API input and the interval at which you want it polled.
Tip
Q: When would you ever use a custom API input if Splunk already has a REST API input available?
A: When one doesn't already exist, and it's the only way to get data from your system.
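A sketch of the second option, the custom poller that queries an API and scrubs the output, written as an added example (not code from the original text or from Splunk). The endpoint URL, the POLL_API_URL and POLL_API_TOKEN environment variables, the field names and the "results" wrapper key are all assumptions made for illustration.

```python
#!/usr/bin/env python3
"""REST poller in scripted-input style: Splunk runs it on an interval and indexes stdout."""
import json
import os
import sys
import urllib.request

# Assumptions, not from the page: endpoint, env var names, field names, "results" key.
API_URL = os.environ.get("POLL_API_URL", "https://api.example.invalid/v1/alerts")
KEEP_FIELDS = ("id", "created", "severity", "source_ip", "message")
# Constructed sample response, used by --sample for an offline dry run.
SAMPLE_BODY = ('{"results": [{"id": 7, "severity": "high", "source_ip": "192.0.2.10",'
               ' "session_token": "abc123", "message": "login failure"}, "junk", {}]}')


def scrub(record, keep=KEEP_FIELDS):
    """Allowlist fields so secrets or bulky blobs in the response never get indexed."""
    return {k: record[k] for k in keep if record.get(k) is not None}


def to_events(body, keep=KEEP_FIELDS):
    """Turn a JSON response body into one compact JSON line per usable record."""
    data = json.loads(body)
    records = data.get("results", []) if isinstance(data, dict) else data
    events = (scrub(r, keep) for r in records if isinstance(r, dict))
    return [json.dumps(e, sort_keys=True, separators=(",", ":")) for e in events if e]


def fetch(url=API_URL, timeout=15):
    """GET the API; urllib verifies the TLS certificate by default."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    token = os.environ.get("POLL_API_TOKEN")  # credential stays out of the script
    if token:
        req.add_header("Authorization", "Bearer " + token)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    try:
        body = SAMPLE_BODY if "--sample" in sys.argv[1:] else fetch()
        for line in to_events(body):
            print(line)
    except Exception as exc:  # report on stderr so errors are not indexed as events
        print("poller error: %s" % exc, file=sys.stderr)
        sys.exit(1)
```

Running the script with --sample prints the single scrubbed event from the constructed response; the session_token field is dropped because it is not on the allowlist.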
An example of...