Connector Improvement: Limit Splunk connector to specific index
We can't use the current Splunk connector because it ingests all the data we have in splunk, which we don't need. We only want to ingest a specific index/collection. That would allow us to get only the data we need.
-
Official comment
Hi Farrell -
Thanks for submitting this feature request. We don't currently have this request planned, however we will continue to monitor for demand. Every upvote and comment helps us justify the reason to build it.
Best,
Erin
-
Has this item been incorpated into the backlog for the Splunk Connector? Being able to filter synced events to a specific [set of] indexes or even by a using a query as a filter would enable customers with large splunk multi-tenant splunk instances to have finer grain control over the content of events ingested and protect against data leakage from one team's logs to another. Having a default lookback time period for syncs would also be useful so the entire history of splunk events is not ingested racking up crazy high ingestion/storage costs.
Please sign in to leave a comment.
Comments
2 comments