Splunk Standalone forward data to syslog

Observer

We have a relatively small Splunk implementation - just 1 standalone server. We're downloading Cisco Umbrella logs from the Cisco-managed S3 Bucket for reporting purposes.

We now have the need to also forward those Umbrella logs to a syslog server in addition to leaving them on the standalone for reporting. Is there a way to configure a standalone to forward to a syslog server?

0 Karma

SplunkTrust

Hi mpuchalski,

Please read this: https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Forwarddatatothird-partysystemsd#Sysl... It can be configured on any Splunk instance. Just a word of caution: if you configure forwarding to a third-party receiver and the receiving end goes down or is not available, you will get in trouble on your Splunk instance.

Hope this helps ...

cheers, MuS

0 Karma

Observer

With this standalone instance, I have multiple apps receiving data. I only want 1 index to forward to an external syslog server. Is that possible without a heavy forwarder?

0 Karma

Observer

Thank you. What is the trouble that Splunk will experience if the receiver is not available?

0 Karma
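
The syslog output discussed in this thread, sketched as an added example (it is not part of the thread and not any poster's configuration). The group name, transform name, host and port are constructed, and `<umbrella_sourcetype>` is a placeholder; routing is keyed on sourcetype because props.conf stanzas match on sourcetype, source or host.

```ini
# outputs.conf: define one syslog target group.
# Host name and port are constructed placeholders.
[syslog:umbrella_syslog]
server = syslog.example.internal:514
type = udp

# props.conf: attach the routing transform to a single sourcetype.
# <umbrella_sourcetype> is a placeholder for the sourcetype your Umbrella input assigns.
[<umbrella_sourcetype>]
TRANSFORMS-umbrella_syslog = route_umbrella_to_syslog

# transforms.conf: match every event of that sourcetype and tag it
# for the syslog group defined in outputs.conf.
[route_umbrella_to_syslog]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = umbrella_syslog
```

No `defaultGroup` is set under a `[syslog]` stanza here, so only events tagged by the transform are sent to the syslog group.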