- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
is it possible, to implement automatic lookups on a splunk forwarder?
The reason for this request is, that i´ve already installed the splunk forwarder on a linux-based vpn-server.
The forwarder already monitors the log file of the vpn-process (racoon) and forward it to our central splunk indexer.
But there is a need, to add data to the logfile, befor it is send to the indexer, because the data which has to be added are only available at run-time on the linux system itself and depends on the information of each log line. Therefor i´ve no chance with an lookup at the central splunk indexer.
regards
Michael
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![richgalloway richgalloway](https://community.splunk.com/legacyfs/online/avatars/140500.jpg)
![SplunkTrust SplunkTrust](/html/@E48BE65924041B382F8C3220FF058B38/rank_icons/splunk-trust-16.png)
The Universal Forwarder only forwards. To do anything else, you must install a Heavy Forwarder.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![richgalloway richgalloway](https://community.splunk.com/legacyfs/online/avatars/140500.jpg)
![SplunkTrust SplunkTrust](/html/@E48BE65924041B382F8C3220FF058B38/rank_icons/splunk-trust-16.png)
The Universal Forwarder only forwards. To do anything else, you must install a Heavy Forwarder.
If this reply helps you, Karma would be appreciated.
![](/skins/images/5D2DD17C284106BFBF80528D01D8AA1A/responsive_peak/images/icon_anonymous_message.png)