Solved: Can Splunk write the data it receives to raw syslo...

Glenn · ‎05-27-2011

Hi,

I know, this sounds backwards. However, this is a requirement for a migration process from a syslog-ng/custom java report builder based system to Splunk. The first step is forwarding the logs to their current report builder using Splunk if possible, the following step will be to replicate their reports in Splunk itself.

Basically I have lightforwarders consuming the application logs already, and would like to use these to forward the data to their reporting server to, hopefully a heavy forwarder, to write log files to the filesystem in raw standard syslog format. Their reports should be able to read these as if nothing has changed.

Is this possible?

Cheers,

Glenn

dwaddle · ‎05-27-2011

Splunk can't directly write to raw logfiles. But you can forward to a syslog-ng to do the writing for you. http://www.splunk.com/base/Documentation/latest/Deploy/Forwarddatatothird-partysystemsd

View solution in original post

dwaddle · ‎05-27-2011

Splunk can't directly write to raw logfiles. But you can forward to a syslog-ng to do the writing for you. http://www.splunk.com/base/Documentation/latest/Deploy/Forwarddatatothird-partysystemsd

Can Splunk write the data it receives to raw syslog files?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!