Architecture

There are many ways to get data in and out of Splunk. We'll briefly list them here, and note that this website is only focused on a couple of the methods most relevant for software developers.

Software Developer Interfaces

• The simplest coding method to get data in and out of splunk is via the simple object SDK, which is currently available in python, but .net and java are coming soon.
• Alternatively, you can simply log events in your code to a file (using log4j, for example), and ask Splunk to monitor those log files. You can then use any of Splunk's interfaces to search and analyze your data. Why log? / How to log
• A full REST API, via https and xml, is available to put data in, to search for results, and to view and modify configuration. A subset of it is documented here: Splunk 4.1 Rest API.

End-User Interfaces

• The web-based Splunk GUI that most Splunk users experience, talks to a SplunkWeb appserver, which makes REST API calls to the Splunk Data Store.
• The CLI (command-line interface) allows for convenient access to searching and configuration via a commandshell.