https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310122#M58271 <P>Thanks, but we hope to forward to-be-fronzen data to external server (e.g. a syslog server) for archiving.</P> Fri, 20 Oct 2017 09:44:03 GMT stwong 2017-10-20T09:44:03Z https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310119#M58268 <P>Hi all,</P> <P>Our Splunk server is getting data through several channels, e.g. universal forwarders, TCP input (e.g. OPSEC LEA of Checkpoint data), SNMP, DB connection, etc.). We hope to make a copy of these data (either raw or indexed) to external server (e.g. syslog) for long term archiving.<BR /> We're looking for any recommended solution. Would anyone please help?</P> <P>Thanks a lot.<BR /> Rgds</P> Wed, 18 Oct 2017 02:34:32 GMT https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310119#M58268 stwong 2017-10-18T02:34:32Z https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310120#M58269 <P>I think that you can backup and save it on a file server etc.</P> <P><A href="http://docs.splunk.com/Documentation/Splunk/7.0.0/Indexer/Backupindexeddata">http://docs.splunk.com/Documentation/Splunk/7.0.0/Indexer/Backupindexeddata</A></P> Wed, 18 Oct 2017 04:28:24 GMT https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310120#M58269 HiroshiSatoh 2017-10-18T04:28:24Z https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310121#M58270 <P>Hi stwong,</P> <P>you can easily use Splunk for long term archiving ( see <A href="https://docs.splunk.com/Documentation/Splunk/7.0.0/Indexer/Setaretirementandarchivingpolicy">https://docs.splunk.com/Documentation/Splunk/7.0.0/Indexer/Setaretirementandarchivingpolicy</A> ) you don't need to use an external system.</P> <P>Anyway if you want to use a third party external system, you can forward all logs to an external system using syslogs ( see <A href="https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Forwarddatatothird-partysystemsd">https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Forwarddatatothird-partysystemsd</A> ).</P> <P>Bye.<BR /> Giuseppe</P> Wed, 18 Oct 2017 06:58:42 GMT https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310121#M58270 gcusello 2017-10-18T06:58:42Z https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310122#M58271 <P>Thanks, but we hope to forward to-be-fronzen data to external server (e.g. a syslog server) for archiving.</P> Fri, 20 Oct 2017 09:44:03 GMT https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310122#M58271 stwong 2017-10-20T09:44:03Z https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310123#M58272 <P>Thanks, We've to use indexAndForward=true for forwarding to third party, correct?</P> <P>Thanks again.</P> Fri, 20 Oct 2017 09:47:05 GMT https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310123#M58272 stwong 2017-10-20T09:47:05Z https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310124#M58273 <P>Hi stwong,<BR /> if you're satisfied by this answer, please accept or upvote it.<BR /> Bye.<BR /> Giuseppe</P> Fri, 20 Oct 2017 11:45:02 GMT https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310124#M58273 gcusello 2017-10-20T11:45:02Z https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310125#M58274 <P>Hi Giuseppe,</P> <P>Thanks. Will try it out.</P> <P>/STwong</P> Fri, 20 Oct 2017 12:41:58 GMT https://community.splunk.com/t5/Getting-Data-In/Archive-raw-and-or-indexed-data-to-external-syslog-server/m-p/310125#M58274 stwong 2017-10-20T12:41:58Z