https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434024#M94423 <P>I already done it with syslog-ng, but it seems that will be better do not create additional entities for simple task.</P> <P>Python script also can help, but it is not ideal solution.</P> <P>I had little hope that something miss in documentation.</P> <P>Thank you all. </P> Wed, 18 Jul 2018 06:46:14 GMT gots 2018-07-18T06:46:14Z https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434018#M94417 <P>Is it possible to get data in splunk from unix stream socket?<BR /> Not tcp\udp socket, but socket like this - <A href="https://en.wikipedia.org/wiki/Berkeley_sockets">https://en.wikipedia.org/wiki/Berkeley_sockets</A></P> <P>For example syslog-ng have this feature.</P> Tue, 10 Jul 2018 13:45:08 GMT https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434018#M94417 gots 2018-07-10T13:45:08Z https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434019#M94418 <P>Why not use syslog-ng as a go between? <BR /> See this link: httpss://<A href="http://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html">www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html</A></P> Tue, 17 Jul 2018 05:04:28 GMT https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434019#M94418 brolo 2018-07-17T05:04:28Z https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434020#M94419 <P>try with syslog, check the <A href="https://docs.splunk.com/Documentation/StreamApp/7.1.2/DeployStreamApp/ProtocolDetection">https://docs.splunk.com/Documentation/StreamApp/7.1.2/DeployStreamApp/ProtocolDetection</A></P> Tue, 17 Jul 2018 16:16:22 GMT https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434020#M94419 felipesewaybric 2018-07-17T16:16:22Z https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434021#M94420 <P>I agree with @brolo</P> Tue, 17 Jul 2018 16:40:18 GMT https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434021#M94420 vidhyaArumalla 2018-07-17T16:40:18Z https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434022#M94421 <P>I also agree. Alternatively, you could write a Bash or Python scripted input that reads the socket to stdout.</P> Tue, 17 Jul 2018 17:18:51 GMT https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434022#M94421 sjodle 2018-07-17T17:18:51Z https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434023#M94422 <P>I concur with the consensus; see these excellent 2 posts:</P> <P><A href="http://www.georgestarcher.com/splunk-success-with-syslog/">http://www.georgestarcher.com/splunk-success-with-syslog/</A><BR /> <A href="https://gitlab.com/rationalcyber/syslog-ng-configuration/wikis/home">https://gitlab.com/rationalcyber/syslog-ng-configuration/wikis/home</A></P> Tue, 17 Jul 2018 20:26:23 GMT https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434023#M94422 woodcock 2018-07-17T20:26:23Z https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434024#M94423 <P>I already done it with syslog-ng, but it seems that will be better do not create additional entities for simple task.</P> <P>Python script also can help, but it is not ideal solution.</P> <P>I had little hope that something miss in documentation.</P> <P>Thank you all. </P> Wed, 18 Jul 2018 06:46:14 GMT https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434024#M94423 gots 2018-07-18T06:46:14Z https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434025#M94424 <P>Splunk needs more tuning, upgrades and restarts than does syslog-ng so if you go directly to Splunk, without a buffer capability on the sending side, you will have far more data loss. You can update yslog-ng configurations with SIGHUP without a restart or data outage. You cannot do that with Splunk. Use syslog-ng.</P> Wed, 18 Jul 2018 12:00:54 GMT https://community.splunk.com/t5/Getting-Data-In/Can-splunk-read-data-from-unix-stream-socket/m-p/434025#M94424 woodcock 2018-07-18T12:00:54Z