All Apps and Add-ons

Splunk Add-on for Unix and Linux: Why are syslogs from Linux servers being returned as raw events?

sabaKhadivi
Path Finder

As I installed linux TA and app , received logs are in the form of raw event and they aren't indexed with this TA.
Linux servers send logs to universal forwarder by syslog, and when i search in the related index, logs seem to be raw events, and field extraction hasn't happened.

The TA is most downloaded in Splunkbase. What is the solution?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The Splunk TA for Linux does not expect events to arrive via syslog. Events sent via syslog are in a very different format for which you will have to craft your own props.conf settings.

---
If this reply helps you, Karma would be appreciated.

renjith_nair
Legend

@sabaKhadivi,

Splunk TA for linux contains a set of scripted inputs to collect system information such as cpu,memory,process etc from the system.

Are you looking for RFC5424 Syslog ?

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...