About Ingest Processor
Ingest Processor is a data processing capability that works within your Splunk Cloud Platform deployment. Use the Ingest Processor to configure data flows, control data format, apply transformation rules prior to indexing, and route to destinations.
You can easily deploy and use Ingest Processor since it does not require any additional infrastructure in your Splunk Cloud Platform environment. Ingest Processor will seamlessly scale and adjust your infrastructure resources according to your organization's needs. The Ingest Processor solution also lets you manage your data processing configurations and monitor your data ingest traffic through a centralized Splunk Cloud service.
What is the difference between Ingest Processor and Edge Processor?
See the following table to review the differences between Ingest Processor and Edge Processor.
Features | Edge Processor | Ingest Processor |
---|---|---|
Solution description | Edge Processor is a Splunk product that allows you to process data using SPL2 before you send that data out of your network to external destinations. You use a Splunk-managed cloud service to deploy and manage on-premises Edge Processors at the edge of your network. | Ingest Processor is a Splunk Cloud Platform capability that allows you to process data using SPL2 at the time of data ingestion. |
Supported data sources |
|
All data sources supported by Splunk Cloud Platform deployments on Victoria Experience. |
Where processing takes place | At the edge of your network, close to the data source. | In Splunk Cloud Platform. |
Generate logs into metrics | No | Yes |
Enrich data using lookups | Yes | No |
Routing to Splunk Enterprise indexes | Yes | No |
Routing to Splunk Cloud Platform indexes | Yes | Yes |
Routing to Splunk Observability Cloud | No | Yes |
Data format when routing to Amazon S3 | JSON files that use the Splunk HEC schema |
|
For information about the Edge Processor solution, see the Use Edge Processors manual.
Ingest Processor components
The following diagram provides an overview of the components that comprise the Ingest Processor service, and whether each component is hosted in the Splunk Cloud Platform environment or your local environment. See the System architecture section on this page for more information.
Get started with the Ingest Processor solution
Before you can start using the Ingest Processor solution, you must gain access to a cloud tenant where the Ingest Processor is available. Ingest Processor is only available on Victoria Experience for Splunk Cloud Platform. No additional cloud computing resources (AWS, Azure, GCP) are needed in order to run Ingest Processor.
Request Ingest Processor on your Splunk Cloud Platform stack
To obtain a Splunk Cloud Platform stack that is provisioned with Ingest Processor, Create a support case on the Splunk Support portal, and perform the following steps to complete the cloud change management (CCM) form.
On the Create a case page on the Splunk Support portal, fill out the following fields.
- In the Select Case Type field, select Support.
- In the Select Product field, select Splunk Cloud.
- In the I need help with... field, select Cloud Change Request.
- In the Select Cloud Stack field, select your Splunk Cloud Platform stack.
- In the Conf File Name field, select Standard Configuration.
- In the Maintenance Window field, provide several maintenance window options, and include your time zone.
- In the Description field, enter
request to provision Ingest Processor GA Essentials
. - In the Splunk Support access to your company data field, select either Allow or Do not Allow.
- In the Splunk Support access to your company data field, select either Allow or Do not Allow.
- Click Submit.
Learn more
To learn more about how the Ingest Processor solution works and become more familiar with key terms and concepts, see How the Ingest Processor solution works. For information about the types of data processing operations that are supported, see Ingest Processor pipeline syntax.
Reference
See the following documentation for more information about the Ingest Processor solution and other Splunk software that works in conjunction with the Ingest Processor solution. For this information, see the following:
For this information | Refer to this documentation |
---|---|
Regional availability of the Ingest Processor solution | Cloud region:
|
Complete information about the supported SPL2 commands and functions. | |
How to configure Splunk forwarders | The Forwarding Data manual |
How the Ingest Processor solution works |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.1.2308, 9.1.2312, 9.2.2403 (latest FedRAMP release), 9.2.2406
Feedback submitted, thanks!