Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- How to get remote linux log into splunk
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
http://docs.splunk.com/Documentation/Splunk/latest/Data/Unixlogslocal
I can't understand that.
How to Splunk monitor log from remote linux log?
Universal Forwarder have been installed in the remote linux.
What I should do then?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Either by using a forwarder (which you seem to have), configuring inputs.conf and outputs.conf
http://docs.splunk.com/Documentation/Splunk/latest/Data/FilesDirsremote
OR
Configure syslog to send the logs to your indexer. You need to configure your Splunk indexer to also listen on a TCP/UDP port.
http://docs.splunk.com/Documentation/Splunk/latest/Data/SyslogTCP
http://docs.splunk.com/Documentation/Splunk/latest/Data/SyslogUDP
OR
Store the logs on a network share that can be mounted by the indexer. From the splunk indexer perspective, this is pretty much like indexing local files.
/K
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Point the universal forwarder to monitor the logs you're interested in, and set the Splunk instance it should forward to (splunk add forward-server <yoursplunkserver>)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Either by using a forwarder (which you seem to have), configuring inputs.conf and outputs.conf
http://docs.splunk.com/Documentation/Splunk/latest/Data/FilesDirsremote
OR
Configure syslog to send the logs to your indexer. You need to configure your Splunk indexer to also listen on a TCP/UDP port.
http://docs.splunk.com/Documentation/Splunk/latest/Data/SyslogTCP
http://docs.splunk.com/Documentation/Splunk/latest/Data/SyslogUDP
OR
Store the logs on a network share that can be mounted by the indexer. From the splunk indexer perspective, this is pretty much like indexing local files.
/K
[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events
Enter the Agentic Era with Splunk AI Assistant for SPL 1.4
Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...
