<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Can Splunk write the data it receives to raw syslog files? in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Can-Splunk-write-the-data-it-receives-to-raw-syslog-files/m-p/18179#M2456</link>
    <description>&lt;P&gt;Hi,&lt;/P&gt;

&lt;P&gt;I know, this sounds backwards. However, this is a requirement for a migration process from a syslog-ng/custom java report builder based system to Splunk. The first step is forwarding the logs to their current report builder using Splunk if possible, the following step will be to replicate their reports in Splunk itself.&lt;/P&gt;

&lt;P&gt;Basically I have lightforwarders consuming the application logs already, and would like to use these to forward the data to their reporting server to, hopefully a heavy forwarder, to write log files to the filesystem in raw standard syslog format. Their reports should be able to read these as if nothing has changed.&lt;/P&gt;

&lt;P&gt;Is this possible?&lt;/P&gt;

&lt;P&gt;Cheers,&lt;/P&gt;

&lt;P&gt;Glenn&lt;/P&gt;</description>
    <pubDate>Fri, 27 May 2011 10:29:56 GMT</pubDate>
    <dc:creator>Glenn</dc:creator>
    <dc:date>2011-05-27T10:29:56Z</dc:date>
    <item>
      <title>Can Splunk write the data it receives to raw syslog files?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Can-Splunk-write-the-data-it-receives-to-raw-syslog-files/m-p/18179#M2456</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;

&lt;P&gt;I know, this sounds backwards. However, this is a requirement for a migration process from a syslog-ng/custom java report builder based system to Splunk. The first step is forwarding the logs to their current report builder using Splunk if possible, the following step will be to replicate their reports in Splunk itself.&lt;/P&gt;

&lt;P&gt;Basically I have lightforwarders consuming the application logs already, and would like to use these to forward the data to their reporting server to, hopefully a heavy forwarder, to write log files to the filesystem in raw standard syslog format. Their reports should be able to read these as if nothing has changed.&lt;/P&gt;

&lt;P&gt;Is this possible?&lt;/P&gt;

&lt;P&gt;Cheers,&lt;/P&gt;

&lt;P&gt;Glenn&lt;/P&gt;</description>
      <pubDate>Fri, 27 May 2011 10:29:56 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Can-Splunk-write-the-data-it-receives-to-raw-syslog-files/m-p/18179#M2456</guid>
      <dc:creator>Glenn</dc:creator>
      <dc:date>2011-05-27T10:29:56Z</dc:date>
    </item>
    <item>
      <title>Re: Can Splunk write the data it receives to raw syslog files?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Can-Splunk-write-the-data-it-receives-to-raw-syslog-files/m-p/18180#M2457</link>
      <description>&lt;P&gt;Splunk can't directly write to raw logfiles.  But you can forward to a syslog-ng to do the writing for you.  &lt;A href="http://www.splunk.com/base/Documentation/latest/Deploy/Forwarddatatothird-partysystemsd"&gt;http://www.splunk.com/base/Documentation/latest/Deploy/Forwarddatatothird-partysystemsd&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 27 May 2011 15:11:50 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Can-Splunk-write-the-data-it-receives-to-raw-syslog-files/m-p/18180#M2457</guid>
      <dc:creator>dwaddle</dc:creator>
      <dc:date>2011-05-27T15:11:50Z</dc:date>
    </item>
  </channel>
</rss>

