How to forward data logs from Linux to Splunk?

Dijanad · ‎04-18-2018

We recently purchased the managed splunk cloud instance, I am in the process of adding data. We would like to index our db2diag logs which are sitting on the Linux servers. I went though the process of installing the forwarder and forwarder credentials. Now I am at a loss on how to tell the forwarder what logs to forward to splunk? With the managed splunk cloud instance, you can't do it through the Add Data button. I do have the monitoring console app, and I see the new Linux forwarder there. But I don't see an option there to manipulate the forwarder in any way. Do I have to configure the forwarder inputs on the Linux server?

Also when I look at the monitoring console app, I see the universal forwarder and the heavy forwarder there. But we only installed universal. Is that am installation default?

p_gurav · ‎04-18-2018

This may help:

http://docs.splunk.com/Documentation/SplunkCloud/7.0.0/Forwarding/Aboutforwardingandreceivingdata

http://docs.splunk.com/Documentation/SplunkCloud/7.0.0/Data/Monitorfilesanddirectorieswithinputs.con...

You have to write inputs.conf on the forwarder.

Dijanad · ‎04-19-2018

So we have splunk cloud. So that seems to work different. What I see is that you have to use splunk web to configure forwarders for the cloud version. Is that correct?

Dijanad · ‎04-19-2018

The inputs.conf That has to be written on the unix server. There isn't a gui to manage forwarders?

How to forward data logs from Linux to Splunk?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How to forward data logs from Linux to Splunk?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...