https://community.splunk.com/t5/Splunk-Search/Send-logs-from-Splunk-Enterprise-to-Elastic-Search/m-p/429338#M171624 <P>@Sukisen1981 Thanks for the information. </P> Mon, 06 May 2019 13:38:50 GMT Said7 2019-05-06T13:38:50Z https://community.splunk.com/t5/Splunk-Search/Send-logs-from-Splunk-Enterprise-to-Elastic-Search/m-p/429335#M171621 <P>Hi, i hope someone can help us, please. </P> <P>We have to send our logs that we receive from Firewall's, Sysmon, etc from Splunk Enterprise to another device called Elastic Search throught syslog. </P> <P>Our configuration by Splunk is in /opt/splunk and we create a file in /opt/splunk/etc/system/local called outputs.conf </P> <P>Our configuration is next: </P> <P>[root@SPLUNK2 local]# cat outputs.conf</P> <P>defaultGroup = syslogGroup</P> <P>[syslog: syslogGroup]<BR /> server = xxx.xxx.xxx.xxx:514</P> <P>We restart the splunk throught GUI in settings &gt; server control, but we didn't see logs outgoing.</P> <P>Regargds</P> Mon, 29 Apr 2019 22:44:16 GMT https://community.splunk.com/t5/Splunk-Search/Send-logs-from-Splunk-Enterprise-to-Elastic-Search/m-p/429335#M171621 Said7 2019-04-29T22:44:16Z https://community.splunk.com/t5/Splunk-Search/Send-logs-from-Splunk-Enterprise-to-Elastic-Search/m-p/429336#M171622 <P>check this out - <A href="https://logz.io/blog/migrating-from-splunk-to-elk/">https://logz.io/blog/migrating-from-splunk-to-elk/</A></P> Tue, 30 Apr 2019 20:16:01 GMT https://community.splunk.com/t5/Splunk-Search/Send-logs-from-Splunk-Enterprise-to-Elastic-Search/m-p/429336#M171622 Sukisen1981 2019-04-30T20:16:01Z https://community.splunk.com/t5/Splunk-Search/Send-logs-from-Splunk-Enterprise-to-Elastic-Search/m-p/429337#M171623 <P>The easiest method would be to install Logstash on the box where you are collecting logs and use it to forward them on to ELK.</P> <P>Logstash is essentially Elastic's equivalent of Splunks Universal Forwarder.</P> <P>It's easy to set up and designed to do exactly what you're attempting.</P> Tue, 30 Apr 2019 20:51:28 GMT https://community.splunk.com/t5/Splunk-Search/Send-logs-from-Splunk-Enterprise-to-Elastic-Search/m-p/429337#M171623 codebuilder 2019-04-30T20:51:28Z https://community.splunk.com/t5/Splunk-Search/Send-logs-from-Splunk-Enterprise-to-Elastic-Search/m-p/429338#M171624 <P>@Sukisen1981 Thanks for the information. </P> Mon, 06 May 2019 13:38:50 GMT https://community.splunk.com/t5/Splunk-Search/Send-logs-from-Splunk-Enterprise-to-Elastic-Search/m-p/429338#M171624 Said7 2019-05-06T13:38:50Z https://community.splunk.com/t5/Splunk-Search/Send-logs-from-Splunk-Enterprise-to-Elastic-Search/m-p/429339#M171625 <P>@codebuilder, thanks for your answer, we are checking the documentation of splunk to try send the logs without install logstash. </P> <P>[<A href="https://docs.splunk.com/Documentation/Splunk/7.2.6/Forwarding/Forwarddatatothird-partysystemsd">https://docs.splunk.com/Documentation/Splunk/7.2.6/Forwarding/Forwarddatatothird-partysystemsd</A>]</P> Mon, 06 May 2019 13:42:35 GMT https://community.splunk.com/t5/Splunk-Search/Send-logs-from-Splunk-Enterprise-to-Elastic-Search/m-p/429339#M171625 Said7 2019-05-06T13:42:35Z