Ingest Processor is currently released as a preview only and is not officially supported. See Splunk General Terms for more information. For any questions on this preview, please reach out to ingestprocessor@splunk.com. Complete the preview application on the Voice of the Customer portal to get access to a demo for a tenant.
About Ingest Processor
Ingest Processor is a data processing capability that works within your Splunk Cloud Platform deployment. Use the Ingest Processor to configure data flows, control data format, apply transformation rules prior to indexing, and route to destinations.
The Ingest Processor solution is suitable for Splunk Cloud Platform administrators who use forwarders or HTTP Event Collector (HEC) to get data into their deployments.
You can easily deploy and use Ingest Processor since it does not require any additional infrastructure in your Splunk Cloud Platform environment. Ingest Processor will seamlessly scale and adjust your infrastructure resources according to your organization's needs. The Ingest Processor solution also lets you manage your data processing configurations and monitor your data ingest traffic through a centralized Splunk Cloud service.
What is the difference between Ingest Processor and Edge Processor
See the following table to review the differences between Ingest Processor and Edge Processor.
Edge Processor | Ingest Processor | |
---|---|---|
Solution description | Edge Processor is a Splunk Cloud-controlled service of edge processor clusters that are deployed at the edge in order to address routing, filtering, masking use cases. | Ingest Processor is Splunk Cloud capability that enables SPL2 data processing at the time of data ingestion. |
Ingest Pathways | Splunk-to-Splunk (S2S) protocol. S2S is the proprietary, TCP-based data transmission protocol used between Splunk software. | All ingest sources supported by Splunk Cloud Victoria. |
Where processing takes place |
|
|
Filtering and masking | Yes | Yes |
Field extraction | Yes | Yes |
Generate logs into metrics | No | Yes |
Extract JSON fields | Yes | Yes |
Route subsets of data to different data destinations | Yes | Yes |
Extract timestamps | Yes | Yes |
Routing to Splunk Cloud Platform indexes | Yes | Yes |
Routing to Splunk Enterprise indexes | Yes | Yes |
Routing to Amazon S3 | Yes | Yes |
Routing to Splunk Observability Cloud | No | Yes |
Get started with the Ingest Processor solution
Before you can start using the Ingest Processor solution, you must gain access to a cloud tenant where the Ingest Processor is available. Complete the preview application on the Voice of the Customer portal to get access to a demo for a tenant. No additional cloud computing resources (AWS, Azure, GCP) are needed in order to run Ingest Processor.
To learn more about how the Ingest Processor solution works and become more familiar with key terms and concepts, see How the Ingest Processor solution works. For information about the types of data processing operations that are supported, see Ingest Processor pipeline syntax.
Reference
See the following documentation for more information about the Ingest Processor solution and other Splunk software that works in conjunction with the Ingest Processor solution. For this information, see the following:
For this information | Refer to this documentation |
---|---|
Regional availability of the Ingest Processor solution | Cloud region:
|
Complete information about the supported SPL2 commands and functions. | |
How to configure Splunk forwarders | The Forwarding Data manual |
NEXT How the Ingest Processor solution works |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.1.2308 (latest FedRAMP release), 9.1.2312
Feedback submitted, thanks!