Sidehistorik

...

Where Logstash only gave us the possibility to "bulk" upload the Query result to Elasticsearch - "Splunk DB Connect" gives us 3 options:

Tip
This is where Splunk in my Opinion "runs over" the ELK stack - There are more GUI and both inputs (as Logstash) and on-the-fly lookup

DB Inputs are "equal" to the Logstash approach, load the Query result into Splunk as "log lines":

...

Versioner sammenlignet