Deployment Architecture

Want to analyse all Linux connected system logs on a real-time basis, so please tell me the configuration for using a forwarder.

kunalagarwal
New Member

Linux basis Configuration


sdaniels
Splunk Employee

You'll want to install the Universal Forwarder on each Linux server. Then set up a monitor for the log files (/var/log/ folder) and forward to the indexer. On the indexer you'll need to enable receiving in the manager. See our docs below.

http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Aboutforwardingandreceivingdata

http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorfilesanddirectories

0 Karma
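The setup described in the answer above, written out as configuration files. This is an added example, not part of the original post. The hostname `indexer.example.com`, the output group name `primary_indexers` and port 9997 (the conventional receiving port) are assumptions to replace with your own values.

```ini
# --- On each Linux server (Universal Forwarder) ---
# File: $SPLUNK_HOME/etc/system/local/inputs.conf
# Watch everything under /var/log. The account the forwarder runs as
# needs read access to these files, otherwise they are silently skipped.
[monitor:///var/log]
disabled = false

# File: $SPLUNK_HOME/etc/system/local/outputs.conf
# Send all monitored data to the indexer.
# "primary_indexers" is a hypothetical group name.
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# Placeholder host; 9997 is assumed to be the receiving port on the indexer.
server = indexer.example.com:9997

# --- On the indexer ---
# File: $SPLUNK_HOME/etc/system/local/inputs.conf
# Equivalent to enabling receiving in the manager:
# listen for forwarder traffic on TCP 9997.
[splunktcp://9997]
disabled = false
```

Restart Splunk on both sides after editing the files so the new stanzas are loaded.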