Solved: automatic lookup on splunkforwarder

mbrussk · ‎11-30-2015

Hello,

is it possible, to implement automatic lookups on a splunk forwarder?
The reason for this request is, that i´ve already installed the splunk forwarder on a linux-based vpn-server.
The forwarder already monitors the log file of the vpn-process (racoon) and forward it to our central splunk indexer.
But there is a need, to add data to the logfile, befor it is send to the indexer, because the data which has to be added are only available at run-time on the linux system itself and depends on the information of each log line. Therefor i´ve no chance with an lookup at the central splunk indexer.

regards
Michael

richgalloway · ‎11-30-2015

The Universal Forwarder only forwards. To do anything else, you must install a Heavy Forwarder.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎11-30-2015

The Universal Forwarder only forwards. To do anything else, you must install a Heavy Forwarder.

---
If this reply helps you, Karma would be appreciated.

automatic lookup on splunkforwarder

Get ready to show some Splunk Certification swagger at .conf24!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...