https://community.splunk.com/t5/Getting-Data-In/forwarding-logs-to-third-party-system/m-p/432922#M75690 <P>Hi @kannu </P> <P>You can forward as raw TCP or as syslog messages. here is the documentation: <A href="https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Forwarddatatothird-partysystemsd">https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Forwarddatatothird-partysystemsd</A> hope it answers your questions.</P> <P>Regards, Chris.</P> Wed, 30 Jan 2019 10:51:14 GMT chrisyounger 2019-01-30T10:51:14Z https://community.splunk.com/t5/Getting-Data-In/forwarding-logs-to-third-party-system/m-p/432921#M75689 <P>Hello All ,</P> <P>I want to check that whether Splunk forwarder agent (UF) can be use to forward collected raw data to another analytics tool other than splunk , I mean third party analytics tools .</P> <P>I have read some document that we can achieve this from UF /HF . But guys can you help me in to let me know that which all others third party tools i can use to test it .</P> <P>Warm Regards<BR /> Manish</P> Wed, 30 Jan 2019 10:48:48 GMT https://community.splunk.com/t5/Getting-Data-In/forwarding-logs-to-third-party-system/m-p/432921#M75689 kannu 2019-01-30T10:48:48Z https://community.splunk.com/t5/Getting-Data-In/forwarding-logs-to-third-party-system/m-p/432922#M75690 <P>Hi @kannu </P> <P>You can forward as raw TCP or as syslog messages. here is the documentation: <A href="https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Forwarddatatothird-partysystemsd">https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Forwarddatatothird-partysystemsd</A> hope it answers your questions.</P> <P>Regards, Chris.</P> Wed, 30 Jan 2019 10:51:14 GMT https://community.splunk.com/t5/Getting-Data-In/forwarding-logs-to-third-party-system/m-p/432922#M75690 chrisyounger 2019-01-30T10:51:14Z https://community.splunk.com/t5/Getting-Data-In/forwarding-logs-to-third-party-system/m-p/432923#M75691 <P>@kannu </P> <P>You can send logs to any of the tool like syslog, LogRythm or any other system. </P> <P>This can be achieved with the help of Heavy forwarder or Intermediate Forwarder. Below Link will help you better:<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Forwarddatatothird-partysystemsd">https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Forwarddatatothird-partysystemsd</A></P> Wed, 30 Jan 2019 10:53:11 GMT https://community.splunk.com/t5/Getting-Data-In/forwarding-logs-to-third-party-system/m-p/432923#M75691 vishaltaneja070 2019-01-30T10:53:11Z https://community.splunk.com/t5/Getting-Data-In/forwarding-logs-to-third-party-system/m-p/432924#M75692 <P>As the other posters have mentioned, you can forward out syslog messages to third party systems. However, you will lose the structure of the events. All events just get merged into one bytestream and so the destination system must be responsible for parsing again, and since you have multiple message types in one stream this can be very difficult.</P> <P>Cribl (<A href="https://cribl.io/">https://cribl.io/</A>) allows you to route events to multiple systems but maintain full metadata. In addition, you can be very selective about what goes where and you can reshape and enrich events as they're moving. </P> Wed, 30 Jan 2019 16:31:32 GMT https://community.splunk.com/t5/Getting-Data-In/forwarding-logs-to-third-party-system/m-p/432924#M75692 coccyx 2019-01-30T16:31:32Z https://community.splunk.com/t5/Getting-Data-In/forwarding-logs-to-third-party-system/m-p/432925#M75693 <P>As the other posters have mentioned, you can forward out syslog messages to third party systems. However, you will lose the structure of the events. All events just get merged into one bytestream and so the destination system must be responsible for parsing again, and since you have multiple message types in one stream this can be very difficult.</P> <P>Cribl (<A href="https://cribl.io/">https://cribl.io/</A>) allows you to route events to multiple systems but maintain full metadata. In addition, you can be very selective about what goes where and you can reshape and enrich events as they're moving. </P> Wed, 30 Jan 2019 16:31:41 GMT https://community.splunk.com/t5/Getting-Data-In/forwarding-logs-to-third-party-system/m-p/432925#M75693 coccyx 2019-01-30T16:31:41Z https://community.splunk.com/t5/Getting-Data-In/forwarding-logs-to-third-party-system/m-p/525129#M88685 <P>This is an endorsement by a Cribl employee. As a previous user of Cribl, I would not recommend it.</P> Fri, 16 Oct 2020 20:08:05 GMT https://community.splunk.com/t5/Getting-Data-In/forwarding-logs-to-third-party-system/m-p/525129#M88685 jianw223 2020-10-16T20:08:05Z