Re: systemd journald logs not being read by TA_NIX

alastor · ‎05-10-2019

systemd journald logs not being read by TA_NIX

Why doesn't the Unix / Linux add on have default support for picking up logs from the systemd logs into journald?

I realize journald is a binary format, I don't think it makes sense to ignore that data or ask each splunk user to find a manual way of pulling this data it. It should be part of this app.

Will Splunk please fix this?

Thanks!

tgurantz_splunk · ‎10-07-2022

I'm going through these older journald posts for other reasons, but it looks like no one has updated responses here that there's better ways now? Splunk 8.1 (which was released around the time you asked this question) introduced native journald input support (separate from any TA for *NIX):

https://docs.splunk.com/Documentation/Splunk/latest/Data/CollecteventsfromJournalD

Why doesn't the Unix / Linux add on have default support for picking up logs from the systemd logs into journald?

upgrade

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Join the Conversation

Why doesn't the Unix / Linux add on have default support for picking up logs from the systemd logs into journald?

upgrade

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas