https://community.splunk.com/t5/Getting-Data-In/Ingesting-logs-from-rsyslog/m-p/539186#M90331 <P>No answer??????????????????????????</P><P>&nbsp;</P> Tue, 09 Feb 2021 14:50:00 GMT awslabspl 2021-02-09T14:50:00Z https://community.splunk.com/t5/Getting-Data-In/Ingesting-logs-from-rsyslog/m-p/539185#M90330 <P>Im furious............</P><P>2 hosts ( physical ) :: both Ubuntu Server. Read about Splunk and how dibi **bleep**s GHA ( soim)</P><P>&nbsp;</P><P>Host #1: Installed Splunk as in docs, !!!!!!!!!!!!!</P><P>Host #2: created FREE Splunk cloud,</P><P>Configured everything as in docs.</P><P>&nbsp;</P><P>No **bleep**ing logs.</P><P>&nbsp;</P><P>HELP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</P> Tue, 09 Feb 2021 14:46:13 GMT https://community.splunk.com/t5/Getting-Data-In/Ingesting-logs-from-rsyslog/m-p/539185#M90330 awslabspl 2021-02-09T14:46:13Z https://community.splunk.com/t5/Getting-Data-In/Ingesting-logs-from-rsyslog/m-p/539186#M90331 <P>No answer??????????????????????????</P><P>&nbsp;</P> Tue, 09 Feb 2021 14:50:00 GMT https://community.splunk.com/t5/Getting-Data-In/Ingesting-logs-from-rsyslog/m-p/539186#M90331 awslabspl 2021-02-09T14:50:00Z https://community.splunk.com/t5/Getting-Data-In/Ingesting-logs-from-rsyslog/m-p/539194#M90334 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/231372">@awslabspl</a>,</P><P>let me understand better because you shared few informations:</P><UL><LI>you have a physical host that's receiving syslogs with&nbsp;<SPAN>rsyslog,</SPAN></LI><LI><SPAN>rsyslog receives sysloigs and writes them in files,</SPAN></LI><LI><SPAN>you want to read thes logs and send them to. Splunk;</SPAN></LI></UL><P><SPAN>is it correct?</SPAN></P><P><SPAN>If yes, some questions:</SPAN></P><UL><LI><SPAN>to which Splunk do you want to send logs: Splunk Cloud or on premise?</SPAN></LI><LI><SPAN>what do you mean saying: "Host #2: created FREE Splunk cloud"?</SPAN></LI><LI><SPAN>the rsyslog server is one of host 1 or host 2 or it's in another host?</SPAN></LI><LI><SPAN>what's your architecture?</SPAN></LI></UL><P><SPAN>In few words:</SPAN></P><UL><LI><SPAN>you can use one of the servers are syslog server and the second as Splunk All-in-one,</SPAN></LI><LI><SPAN>or you can use an host both as rsyslog server and Splunk All-in-one.</SPAN></LI></UL><P><SPAN>At firest obviously, you have to check if the rsyslog server is writing syslogs in files.</SPAN></P><P><SPAN>Then if you have all in the same host (rsyslog and Splunk) you have to configure inputs on Splunk.</SPAN></P><P><SPAN>If instead you are using two servers, you have to install another Splunk as Heavy Forwarder or a Universal Forwarder on the rsyslog server that sends logs to the Splunk.</SPAN></P><P>In both cases see at&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/8.1.2/Data/Getstartedwithgettingdatain" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.1.2/Data/Getstartedwithgettingdatain</A>&nbsp;how to ingest data.</P><P>Ciao.</P><P>Giuseppe</P> Tue, 09 Feb 2021 15:44:28 GMT https://community.splunk.com/t5/Getting-Data-In/Ingesting-logs-from-rsyslog/m-p/539194#M90334 gcusello 2021-02-09T15:44:28Z https://community.splunk.com/t5/Getting-Data-In/Ingesting-logs-from-rsyslog/m-p/539210#M90336 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;thanks for the answer. I will not go into details as of my arch.</P> <P>On the other hand Im 99% sure I will look for other log-management solution.</P> <P>&nbsp;</P> Tue, 09 Feb 2021 19:43:03 GMT https://community.splunk.com/t5/Getting-Data-In/Ingesting-logs-from-rsyslog/m-p/539210#M90336 awslabspl 2021-02-09T19:43:03Z https://community.splunk.com/t5/Getting-Data-In/Ingesting-logs-from-rsyslog/m-p/539255#M90342 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/231372">@awslabspl</a>,</P><P>I don't know why you's so sure to use another solution when the most customers are using Splunk!</P><P>Anyway, tell me if you want to continue the analysis of your Use Case.</P><P>Ciao and good luck with another solution.</P><P>Giuseppe</P> Wed, 10 Feb 2021 07:29:33 GMT https://community.splunk.com/t5/Getting-Data-In/Ingesting-logs-from-rsyslog/m-p/539255#M90342 gcusello 2021-02-10T07:29:33Z