AnsweredAssumed Answered

Splunk TA integration with Splunk Cloud

Question asked by Jason Spears on Sep 21, 2018
Latest reply on Oct 1, 2018 by Busby

We are on Splunk Cloud, so scripted and modular inputs are disallowed. We have the TA working on a heavy forwarder, and thought everything was working as needed, but it appears the knowledge base input is designed to create a lookup file locally instead of indexing the data. This puts it on the heavy forwarder, with no mechanism to get it to Splunk Cloud.

 

My initial thought is to just index the csv and generate the lookup from a scheduled search in Splunk Cloud, but I wanted to see if there is a supported solution to this problem. The app page on Splunkbase does say it's compatible with Splunk Cloud, so I'm at a loss.

Outcomes