Deployment Architecture

How to get remote linux log into splunk

Path Finder

http://docs.splunk.com/Documentation/Splunk/latest/Data/Unixlogslocal

I can't understand that.
How to Splunk monitor log from remote linux log?
Universal Forwarder have been installed in the remote linux.
What I should do then?

Tags (3)
0 Karma
1 Solution

Ultra Champion

Either by using a forwarder (which you seem to have), configuring inputs.conf and outputs.conf

http://docs.splunk.com/Documentation/Splunk/latest/Data/FilesDirsremote

OR

Configure syslog to send the logs to your indexer. You need to configure your Splunk indexer to also listen on a TCP/UDP port.

http://docs.splunk.com/Documentation/Splunk/latest/Data/SyslogTCP
http://docs.splunk.com/Documentation/Splunk/latest/Data/SyslogUDP

OR

Store the logs on a network share that can be mounted by the indexer. From the splunk indexer perspective, this is pretty much like indexing local files.

/K

View solution in original post

Legend

Point the universal forwarder to monitor the logs you're interested in, and set the Splunk instance it should forward to (splunk add forward-server <yoursplunkserver>)

0 Karma

Ultra Champion

Either by using a forwarder (which you seem to have), configuring inputs.conf and outputs.conf

http://docs.splunk.com/Documentation/Splunk/latest/Data/FilesDirsremote

OR

Configure syslog to send the logs to your indexer. You need to configure your Splunk indexer to also listen on a TCP/UDP port.

http://docs.splunk.com/Documentation/Splunk/latest/Data/SyslogTCP
http://docs.splunk.com/Documentation/Splunk/latest/Data/SyslogUDP

OR

Store the logs on a network share that can be mounted by the indexer. From the splunk indexer perspective, this is pretty much like indexing local files.

/K

View solution in original post

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!