All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Apache Webs Server to splunk

jadengoho
Builder
‎04-05-2018 01:33 AM

Here's the situation, I have an Apache Webserver on my VirtualMachine. And have a splunk web on my localhost on my computer.

What I want to try to get the acccess.log that resides on Virtual machine. Cause in the documentation it only works on the same network, how about if it in different networks, how can I get logs from apache webserver.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

splunker12er
Motivator
‎04-05-2018 01:49 AM

On your web-server you might need to install splunk universal forwarder and setup inputs.conf ( to monitor the log files) and outputs.conf ( destination you are going to forward the logs)

you mentioned splunk-web running in your localhost (where you have install splunk Enterprise in your localhost and splunk service is running in your localhost , which is your indexer/destination that you are going to forward logs to your localhost.

access.log( virtual machines) [Install splunk universal forwarder] ---> splunk indexer/search head( localhost)
(inputs.conf, outputs.conf) ---> setup splunk to listen on some tcp ports (e..g tcp/9997) to receive the logs from your VM.

Consider firewalls inbetween , you need to allow required ports

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

splunker12er
Motivator
‎04-05-2018 01:49 AM

On your web-server you might need to install splunk universal forwarder and setup inputs.conf ( to monitor the log files) and outputs.conf ( destination you are going to forward the logs)

you mentioned splunk-web running in your localhost (where you have install splunk Enterprise in your localhost and splunk service is running in your localhost , which is your indexer/destination that you are going to forward logs to your localhost.

access.log( virtual machines) [Install splunk universal forwarder] ---> splunk indexer/search head( localhost)
(inputs.conf, outputs.conf) ---> setup splunk to listen on some tcp ports (e..g tcp/9997) to receive the logs from your VM.

Consider firewalls inbetween , you need to allow required ports

0 Karma
Reply
Solved! Jump to solution

jadengoho
Builder
‎04-05-2018 01:52 AM

I would try this recommendation , Thanks a lot .

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...