Log collect status monitoring and

aojie654 · ‎03-01-2020

Hi, splunkers:

My customer want to monitoring the following 2 things:
1. The status of logs collection. Thats means they wan to ensure that all logs were indexed to splunk.
2. The status of splunk. Send the splunk web message (like the message in the image) to their centralized monitoring platform them in real time if there are any warn or error occured because they almost don't care about splunk monitoring console.

Any idea for these?

anmolpatel · ‎03-05-2020

@aojie654 If you want to look at log collection and the data indexed, the LM has the capability and you can just extract that search and modify it to meet client requirement. Maybe create another dashboard out of it

For status, Splunk writes quite a few logs about itself
https://docs.splunk.com/Documentation/Splunk/8.0.2/Troubleshooting/WhatSplunklogsaboutitself

Decide which is important to the client and you can write an outputs.conf stanza to send the log to an external source
https://docs.splunk.com/Documentation/Splunk/8.0.2/Forwarding/Forwarddatatothird-partysystemsd

Hope this helps

aojie654 · ‎03-05-2020

Hello? Is anybody here?

Log collect status monitoring and

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All