All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Monitor remote Unix directory log file

Ravi_c
New Member
‎02-24-2014 11:57 PM

Hi,

Im new to splunk, I need to check the remote unix directory logfiles,

I need this approach as described below,
How can I look into that server, with ssh servername/password
Goto Specified path like /User/bin/MyAppl/Logs
Take the latest log file
Search for any ERROR like Java error.

If any error is there then
send a mail to the mail id.

0 Karma
Reply

MuS
Legend
‎02-25-2014 12:19 AM

Hi Ravi_c,

this is not quiet the way it works.
First you need to understand how Splunk works, take a deep look at the docs about getting data in. After that read the docs about the universal forwarder. When done with that, learn how to search for the added data and finally create some alerts to get you an email if something is error'ing ...

hope this helps to get you started ...

cheers, MuS

0 Karma
Reply

MuS
Legend
‎02-25-2014 01:09 AM

universal forwarder is continuously monitoring any input you did configure. Network usage can be limited for the forwarder with the [thruput] maxKBps = in limits.conf.
Remote SSH login is not possible by using Splunk, but you could either mount this remote share locally or create a scripted input to get the files needed over scp/rsync.

0 Karma
Reply

Ravi_c
New Member
‎02-25-2014 01:00 AM

Thanks for your answer.

I think from Universal Forwarder will push the data from Unix machine to Splunk, if this happen, then will it hurt any network resources/network traffic. I need to monitor for every 2Mins of interval.

From Splunk cant we look/login into the other Unix/Windows server ?

Regards

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...