One approach to getting data from Splunk into Hadoop is to use the REST API provided by Splunk, so that data is periodically ingested into the Hadoop data lake.
A simple command like the one below can help in such a scenario:
# run the search through the export endpoint, emit raw events, and stream them straight into HDFS
curl \
-u '<username>:<password>' \
-k https://splunkhost:8089/services/search/jobs/export \
-d search="search index=myindex | head 10" \
-d output_mode=raw \
| hdfs dfs -put -f - <HDFS_DIR>
The command above fetches the first 10 results from the Splunk index "myindex" and writes them into the Hadoop data lake.
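As an added example that is not part of the original post, the same export written as a small script: it reads the Splunk credentials from a netrc file instead of passing them on the command line (where `ps` and shell history would show them), verifies the server certificate against a CA bundle instead of skipping verification with -k, and stages the result locally so a failed search never overwrites the previous file in HDFS. The host, CA bundle path, netrc path and HDFS directory are assumptions.

```shell
#!/bin/sh
# Added example (not the original post's command): export a Splunk search to
# HDFS without credentials on the command line and without disabling TLS checks.
# Host, CA bundle path, netrc path and HDFS directory are assumptions.
set -eu

SPLUNK_URL="${SPLUNK_URL:-https://splunkhost:8089}"      # assumed management port
SPLUNK_CA="${SPLUNK_CA:-/etc/splunk/ca.pem}"             # assumed CA that signed the Splunk cert
SPLUNK_NETRC="${SPLUNK_NETRC:-${HOME:-.}/.splunk_netrc}" # assumed: "machine splunkhost login USER password PASS"
HDFS_DIR="${HDFS_DIR:-/data/splunk}"                     # assumed landing directory

# The credential file must be readable by its owner only: columns 5-10 of
# `ls -l` are the group and other permission bits and must all be '-'.
netrc_is_private() {
  [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Print the curl arguments one per line. --netrc-file keeps the password out of
# `ps` output and shell history, --cacert replaces -k so the server certificate
# is verified, and --fail turns an HTTP error into a non-zero exit instead of an
# error page landing in HDFS.
build_curl_args() {
  printf '%s\n' \
    --silent --show-error --fail \
    --netrc-file "$SPLUNK_NETRC" \
    --cacert "$SPLUNK_CA" \
    --data-urlencode "search=$1" \
    --data output_mode=raw \
    "$SPLUNK_URL/services/search/jobs/export"
}

# Export into a local temp file first and copy to HDFS only if the search
# returned data, so a failed or empty run never replaces the previous file.
run_export() {
  search="$1"; target="$HDFS_DIR/$2"
  netrc_is_private "$SPLUNK_NETRC" || { echo "refusing: $SPLUNK_NETRC is readable by others" >&2; return 1; }
  tmp=$(mktemp) || return 1
  set --
  while IFS= read -r arg; do set -- "$@" "$arg"; done <<EOF
$(build_curl_args "$search")
EOF
  curl "$@" > "$tmp"
  if [ -s "$tmp" ]; then
    hdfs dfs -put -f "$tmp" "$target"
  else
    echo "no events returned for: $search" >&2; rm -f "$tmp"; return 1
  fi
  rm -f "$tmp"
}
```

Call it as `run_export 'search index=myindex | head 10' myindex.raw`; the netrc file holds one line of the form `machine splunkhost login USER password PASS` and must be mode 0600.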