How to monitor logs on Linux directory?

pamelaferrari
New Member

I installed Splunk on a Windows machine. I have some applications that run on a Linux server and generate daily logs in a specific Linux directory. I would like to monitor these logs from Splunk. I know there is the Splunk Universal Forwarder, but first I would like to try to create a script on Splunk that runs an ssh command (with cat on the log files) and keeps the logs from the Linux directories.
Can you please explain to me how I can achieve this result? Can you give me an example?
Thank you very much
Regards

0 Karma

skalliger
Motivator

This would require writing your own file watcher (or using someone else's), transferring the files (think about transferring them securely) and also thinking about the future. You want to keep the footprint of the process on the target system low and may want to load-balance events later to multiple destinations.

But if you really don't want to just install the Universal Forwarder (which is recommended), you can always try to do it with a Scripted Input.

I really don't see a reason why you would want to implement such functionality yourself. The UF might not be good at filtering events, but it is good enough at gathering them.

Skalli
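For readers who still want to try the Scripted Input route the answer mentions, here is an added example (not code from the original thread, Splunk, or either poster) of what such a script has to do beyond a plain `ssh host cat file`: remember how much of each remote file it already fetched, pull only the appended bytes, only emit complete lines, and constrain what is sent to the remote shell. The host name, user, key path, remote file path and the inputs.conf stanza in the docstring are all assumed values for illustration.

```python
#!/usr/bin/env python3
"""Splunk scripted input that pulls new lines from remote log files over SSH.

Hypothetical example. Splunk runs it on a schedule via inputs.conf, e.g.

    [script://$SPLUNK_HOME/etc/apps/ssh_pull/bin/ssh_pull.py]
    interval = 60
    sourcetype = app_log

Whatever the script writes to stdout is indexed. A JSON state file records how
many bytes of each remote file have already been fetched, so each run sends
only what was appended since the previous run (the UF tracks the same thing
in its fishbucket). The remote side only needs `tail`; use a dedicated,
read-only account and a passphrase-less key created just for this job.
"""
import json
import os
import re
import shlex
import subprocess
import sys

# Assumed values; adjust to your environment.
REMOTE_HOST = "linux-app01.example.internal"
REMOTE_USER = "splunkro"
SSH_KEY = os.path.expanduser("~/.ssh/splunk_pull_ed25519")
REMOTE_FILES = ["/var/log/myapp/app.log"]
STATE_FILE = os.path.join(os.path.dirname(os.path.abspath(__file__)), "offsets.json")

# Only plain absolute paths may reach the remote command line, so a mistyped
# or attacker-influenced path cannot smuggle in shell metacharacters.
SAFE_PATH = re.compile(r"^/[A-Za-z0-9._/-]+$")


def build_ssh_command(host, user, key, remote_path, offset):
    """Return the argv that fetches bytes [offset:] of remote_path over SSH."""
    if not SAFE_PATH.match(remote_path):
        raise ValueError(f"refusing unsafe remote path: {remote_path!r}")
    # tail -c +N is 1-based, so the first unread byte is offset + 1.
    remote_cmd = f"tail -c +{offset + 1} {shlex.quote(remote_path)}"
    return [
        "ssh",
        "-i", key,
        "-o", "BatchMode=yes",              # never prompt for a password
        "-o", "StrictHostKeyChecking=yes",  # refuse unknown or changed host keys
        "-o", "ConnectTimeout=10",
        f"{user}@{host}",
        remote_cmd,
    ]


def run_ssh(argv):
    """Default runner: execute argv and return its stdout as bytes."""
    return subprocess.run(argv, check=True, capture_output=True, timeout=120).stdout


def split_complete_lines(data, offset):
    """Keep only whole lines so the saved offset always sits on a line boundary.

    A partial trailing line (the application is mid-write) is left on the
    server and picked up, complete, on the next run.
    """
    cut = data.rfind(b"\n")
    if cut == -1:
        return b"", offset
    complete = data[:cut + 1]
    return complete, offset + len(complete)


def load_offsets(path):
    """Read the per-file byte offsets; an absent state file means start at 0."""
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    except FileNotFoundError:
        return {}


def save_offsets(path, offsets):
    """Write the state file atomically so a crash cannot leave it half-written."""
    tmp = path + ".tmp"
    with open(tmp, "w", encoding="utf-8") as fh:
        json.dump(offsets, fh)
    os.replace(tmp, path)


def collect(remote_files, offsets, runner, host=REMOTE_HOST, user=REMOTE_USER, key=SSH_KEY):
    """Fetch new complete lines for every file; return (bytes_to_emit, updated_offsets)."""
    out = bytearray()
    new_offsets = dict(offsets)
    for path in remote_files:
        offset = int(offsets.get(path, 0))
        data = runner(build_ssh_command(host, user, key, path, offset))
        lines, new_offset = split_complete_lines(data, offset)
        out += lines
        new_offsets[path] = new_offset
    return bytes(out), new_offsets


def main():
    offsets = load_offsets(STATE_FILE)
    data, offsets = collect(REMOTE_FILES, offsets, run_ssh)
    sys.stdout.buffer.write(data)
    sys.stdout.flush()
    save_offsets(STATE_FILE, offsets)  # commit the offset only after the events are out


if __name__ == "__main__":
    main()
```

Two caveats a practitioner should weigh before running this in place of the UF: the script does not detect log rotation (if the remote file is truncated or replaced, the stored offset points past the new end and nothing is fetched until the file grows back past it, while the rotated file's tail is never read), and every run opens a fresh SSH session, which is exactly the footprint the answer warns about. Both problems are already solved by the Universal Forwarder's file monitor.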
