Data be passed to the Redis function to then write the results into Redis?
Have a Redis function question. Let's say I have a Splunk Search collector that runs without mode as csv. Can that data be passed to the Redis function to then write the results into Redis? Anyone tried that?
Answers
-
Hi, although I found CSV a very useful way of populating Redis, you can send the Splunk Search results to a pipeline and use the Redis 'set', 'hset', 'append' on the events
0 -
OK, I just see in the search collector that it requires an output mode. Are you saying use the Splunk Search under pull instead?
0 -
ah they both have an output mode
0 -
exactly. json or csv
0 -
OK, so it does not matter which one to use before sending to the Redis function?
0 -
Correct. You can do this, for example. Any key with the many Redis options will do the trick.
0 -
OK, I did a quick test on my search and that worked, and it pulled the 2 fields per line that need to be put into Redis. Let's say field1 and field2 are in each data event. How do I add those two fields using one field appended to use as the key? Example: mykeyname:field1value. The fields and values under this key would be: field1 mydata1, field2 mydata2.
0 -
Redis is pretty simple. One key, one value. Are the field names static? When you need them on Cribl, will you know their names?
0 -
yes
0 -
If yes, I'd consider naming the key field1_mykeyname, or the other way round
0 -
And then construct a Redis lookup from whatever your value is plus that field name
0 -
A solution I just used for exporting a small CSV from Splunk: Export Everything add-on to SFTP the CSV to the /opt/cribl/state directory. Didn't want to set up Redis... :laughing:
0 -
This is a 34 million CSV file, so no thanks. I figured out what I needed to do in the Redis function so all is good!
0 -
:nice-intensifies: !!
0