Im new to splunk, I need to check the remote unix directory logfiles,
I need this approach as described below,
How can I look into that server, with ssh servername/password
Goto Specified path like /User/bin/MyAppl/Logs
Take the latest log file
Search for any ERROR like Java error.
If any error is there then
send a mail to the mail id.
this is not quiet the way it works.
First you need to understand how Splunk works, take a deep look at the docs about getting data in. After that read the docs about the universal forwarder. When done with that, learn how to search for the added data and finally create some alerts to get you an email if something is error'ing ...
hope this helps to get you started ...
universal forwarder is continuously monitoring any input you did configure. Network usage can be limited for the forwarder with the [thruput] maxKBps =
Remote SSH login is not possible by using Splunk, but you could either mount this remote share locally or create a scripted input to get the files needed over scp/rsync.
Thanks for your answer.
I think from Universal Forwarder will push the data from Unix machine to Splunk, if this happen, then will it hurt any network resources/network traffic. I need to monitor for every 2Mins of interval.
From Splunk cant we look/login into the other Unix/Windows server ?