Splunk Elasticsearch integration


I wanted to let you know, I have been working on a "search command" for
Splunk that allows me to use the Splunk GUI but query data in

I just wanted to let you know it was out there as I never found anything

Use Case:

Splunk is very expensive to license.
Most data in logfiles is not needed for Management Dashboard needs.
Developers and Middleware like a central location to watch log files, query
Security and S/A also like to build ad hoc reports to discover problems in
the environment.


To log +100GB a day to meet the use case, Splunk is cost prohibitive.
Doing everything in ELK does not meet the complex nature of the data and
ad hoc reports.
Kibana does not have a lot of the features that the Splunk interface has.


Create a Splunk search command " | esearch "Query something" index=logstash
.... " that allows commands issued in Splunk to query Elasticsearch and
retrieve the data. This way we can keep one unified interface for both
Management and developers while avoiding the cost of Splunk. Later on, as
people see the power of ELK, we may be able to transition over completely,
but till then.

I welcome anyone to contribute code or look at this, I am a noob in python
coding and it could use some more cleanup.
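As an added illustration of the bridge described in the post (not the author's esearch code), the sketch below parses the arguments a user would type after `| esearch`, turns them into an Elasticsearch `_search` request, and flattens the hits into the flat per-event dicts a Splunk search command hands back. The argument string, the option names `index`/`size`, the field names and the sample response are all constructed for the example; the request is built but never sent, so it runs offline.

```python
import json
import shlex

# Constructed argument string, as it might follow "| esearch" in the Splunk search bar.
EXAMPLE_ARGS = '"status:500 AND host:web*" index=logstash-2014.* size=50'

# Constructed Elasticsearch response with a single hit (not real data).
SAMPLE_RESPONSE = {"hits": {"total": 1, "hits": [
    {"_index": "logstash-2014.05.01", "_source": {
        "@timestamp": "2014-05-01T10:00:00Z", "host": "web01",
        "status": 500, "message": "upstream timed out"}}]}}


def parse_esearch_args(arg_string):
    """Split the esearch arguments into the free-text query and key=value options."""
    query_parts, options = [], {"index": "logstash-*", "size": "100"}  # assumed defaults
    for token in shlex.split(arg_string):
        key, sep, value = token.partition("=")
        if sep and key.isidentifier():
            options[key] = value
        else:
            query_parts.append(token)
    return " ".join(query_parts), options


def build_es_request(arg_string):
    """Return the _search path and JSON body for the parsed arguments."""
    query, opts = parse_esearch_args(arg_string)
    index = opts["index"]
    if "/" in index or ".." in index:          # keep the index name from altering the URL path
        raise ValueError("invalid index name: %r" % index)
    size = int(opts["size"])
    if not 1 <= size <= 10000:                 # bound the result set a single search can pull
        raise ValueError("size must be between 1 and 10000")
    body = {"size": size,
            "query": {"query_string": {"query": query or "*"}},
            "sort": [{"@timestamp": {"order": "desc"}}]}
    return "/%s/_search" % index, body


def hits_to_splunk_events(es_response):
    """Flatten each hit's _source into a flat dict with _time and _raw, as Splunk expects."""
    events = []
    for hit in es_response.get("hits", {}).get("hits", []):
        src = hit.get("_source", {})
        event = {"_time": src.get("@timestamp", ""), "_raw": json.dumps(src, sort_keys=True)}
        for key, value in src.items():
            if key != "@timestamp":            # non-string values are serialised so every field is text
                event[key] = value if isinstance(value, str) else json.dumps(value)
        events.append(event)
    return events
```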

