Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk integration with third party systems

asp12
New Member
‎09-16-2021 01:47 AM

Hi All,

To forward data to third-party systems, integrated  splunk agent with below configs. 

Third party is able to receive data by listening on TCP port.

Issue: Unable to view default internal fields like source or host required for data enrichment. 

              Tried adding host and source in inputs.conf, but no luck.

Is there any limitation for forwarding internal fields to third party systems?

inputs.conf

[blacklist:$SPLUNK_HOME/var/log/splunk]

[monitor:///tmp/test1.log]

_TCP_ROUTING = App1Group

 

outputs.conf

[tcpout:App1Group]

server=<ip address>:<port>

sendCookedData = false

Labels (1)
Labels
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...