All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Monitor remote Unix directory log file

Ravi_c
New Member
‎02-24-2014 11:57 PM

Hi,

Im new to splunk, I need to check the remote unix directory logfiles,

I need this approach as described below,
How can I look into that server, with ssh servername/password
Goto Specified path like /User/bin/MyAppl/Logs
Take the latest log file
Search for any ERROR like Java error.

If any error is there then
send a mail to the mail id.

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎02-25-2014 12:19 AM

Hi Ravi_c,

this is not quiet the way it works.
First you need to understand how Splunk works, take a deep look at the docs about getting data in. After that read the docs about the universal forwarder. When done with that, learn how to search for the added data and finally create some alerts to get you an email if something is error'ing ...

hope this helps to get you started ...

cheers, MuS

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎02-25-2014 01:09 AM

universal forwarder is continuously monitoring any input you did configure. Network usage can be limited for the forwarder with the [thruput] maxKBps = in limits.conf.
Remote SSH login is not possible by using Splunk, but you could either mount this remote share locally or create a scripted input to get the files needed over scp/rsync.

0 Karma
Reply

Ravi_c
New Member
‎02-25-2014 01:00 AM

Thanks for your answer.

I think from Universal Forwarder will push the data from Unix machine to Splunk, if this happen, then will it hurt any network resources/network traffic. I need to monitor for every 2Mins of interval.

From Splunk cant we look/login into the other Unix/Windows server ?

Regards

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...