Archive
Highlighted

Enable FTP

Contributor

How do I enable FTP? (I know how to capture the logs after they are FTP'd to us)

We have devices that cannot have a universal forwarder installed on them. They only have FTP files. We need a way to FTP the files from these devices into our splunk server for processing.

Tags (1)
0 Karma
Highlighted

Re: Enable FTP

Legend

Splunk itself does not include an FTP server. You need a third-party product to provide this functionality for you.

View solution in original post

Highlighted

Re: Enable FTP

Contributor

What product would you suggest?

0 Karma
Highlighted

Re: Enable FTP

Legend

Which OS / version?

0 Karma
Highlighted

Re: Enable FTP

Contributor

Server Platform: Linux
Server platform Version: RHEL5
Client OS: Windows xp or 7
Splunk Version: 4.3.3

0 Karma
Highlighted

Re: Enable FTP

Legend

The most common ftpd in Linux is simply the ftpd you get if you run 'apt-get install ftpd' on a debian/ubuntu box. There's nothing wrong with that one. There's also ProFTPD, PureFTPD, vsftpd, etc. What you might want is an FTPD that has its own user management so you don't have to mix users in the FTP server software with those in the underlying operating system. The default ftpd doesn't do this if I recall correctly, but the other ones I listed do.

Highlighted

Re: Enable FTP

Contributor

Thank you so much! This is just what I was looking for.

Highlighted

Re: Enable FTP

Path Finder

There is a new splunkbase app called "importutil". It lets you import csv files (or any input) from an http url via the splunk search command line. Also works for ftp. sftp is experimental.

http://splunk-base.splunk.com/apps/69078/importutil

Here is an ftp example. Pulling from the bureau of labor stats:

|importutil ftp ftp://ftp.bls.gov/pub/time.series/ce/ce.data.102.WeeklyEarningsHist
| multikv
| table series_id, year, period, value, footnote_codes

Here is an example that imports data from the federal reserve economic data website:

|importutil http http://research.stlouisfed.org/fred2/data/PAYEMS.csv
| multikv
| table DATE, VALUE
0 Karma
Highlighted

Re: Enable FTP

Champion

There now is an app that runs an FTP server so that you can accept files via FTP into Splunk directly. See the "FTP Receiver" app.

0 Karma
Highlighted

Re: Enable FTP

New Member

The FTP Receiver app is lacking documentation on how to get this app running. Does anyone have any suggestions? I ran this
(index=internal sourcetype=ftpmodular_input) OR (sourcetype=ftp) per the troubleshooting details and received nothing.

0 Karma