...
Where Logstash only gave us the possibility to "bulk" upload the query result to Elasticsearch, "Splunk DB Connect" gives us 3 options:
| Tip |
|---|
| This is where Splunk, in my opinion, outdoes the ELK stack: there is more GUI, and it offers both inputs (as Logstash does) and on-the-fly lookups. |
DB Inputs
DB Inputs are equivalent to the Logstash approach: the query result is loaded into Splunk as "log lines":
...