Splunk Elasticsearch integration

Folks,

I wanted to let you know, I have been working on a "search command" for
splunk that allows me to use the SPLUNK GUI but query data in
elasticsearch.

I just wanted to let you know it was out there as I never found anything
similar.
https://github.com/eperry/splunk-elasticsearch

Use Case:

Splunk is very expense to license
Most data in logfiles are not needed for Management Dashboard needs
Developers and Middleware like a central location to watch log files, query
data
Security and S/A also like to build adhoc reports to discover problems in
the enviroment.

Problem

To log +100GB a day to meet the Use case splunk is cost prohibitive
To do everything in ELK, does not meet the complex nature of the data and
adhoc reports.
Kibana does not have alot of features that the Splunk Interface has.

Solution:

Create a Splunk search command " | esearch "Query somthing" index=logstash
.... " that allows commands issued in splunk to query elasticsearch, and
retrieve the data. This way we can keep one unified interface for both
Management and developers while avoiding the cost of splunk. Later on as
people see the power of ELK we maybe able to transition over completely
but till then.

I welcome anyone to contribute code or look at this, I am a noob in python
coding and it could use some more cleanup.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/0c3dd529-495f-4a1f-a58d-c444ab8f0950%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.