Send syslog to Splunk Add-on for Unix and Linux (n...

kramerni · ‎03-29-2019

Hi all!

I have to install a Splunk server and a universal forwarder (as a syslogserver). To the UF, I send data from the firewall, switches and access points.

I use the native log forwarding methods from the devices to send the data to the UF.

Now I have to create some dashboards, including when a device is reachable, down, critical...(ping?)
Or also the bandwith from the firewall...

For these, I want to use the Splunk Add-on for Unix and Linux on the UF, and then the APP on the Server.

Is it possible to send the data from the device to the UF (with Add-on installed) without installing a UF on the firewall or switches?

Or is there maybe a preferable way to deploy it, with another app or something?

Thanks for your help!

woodcock · ‎03-31-2019

Of course. The easiest way to agentlessly send events to Splunk is with the Http Event Collector:
https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector

Send syslog to Splunk Add-on for Unix and Linux (native)

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation

Send syslog to Splunk Add-on for Unix and Linux (native)

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey