Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can i have splunk forward data to an external system?

Erik_Swan
Splunk Employee
Splunk Employee
‎01-21-2010 01:59 AM

Is it possible to have splunk forward data to another 3rd party system that is expecting syslog?

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

Erik_Swan
Splunk Employee
Splunk Employee
‎01-21-2010 02:06 AM

Yes,

Splunk can forward any RFC 3164 compliant events from any platform to a TCP/UDP based server and port, making the payload of any non-compliant data RFC 3164 compliant. You can specify any of the following:

  • TCP priority (combination of facility and severity)
  • Ability to specify regex and forward only the data that matches regex via props/transforms
  • Filter what is sent by source type, or other meta data, again via props/transforms.
  • Mandatory truncating of data to 1024 (to comply with RFC 3164)

For more info, see: http://docs.splunk.com/Documentation/Splunk/5.0/Deploy/Forwarddatatothird-partysystemsd

View solution in original post

Reply
Solved! Jump to solution
Solution

Erik_Swan
Splunk Employee
Splunk Employee
‎01-21-2010 02:06 AM

Yes,

Splunk can forward any RFC 3164 compliant events from any platform to a TCP/UDP based server and port, making the payload of any non-compliant data RFC 3164 compliant. You can specify any of the following:

  • TCP priority (combination of facility and severity)
  • Ability to specify regex and forward only the data that matches regex via props/transforms
  • Filter what is sent by source type, or other meta data, again via props/transforms.
  • Mandatory truncating of data to 1024 (to comply with RFC 3164)

For more info, see: http://docs.splunk.com/Documentation/Splunk/5.0/Deploy/Forwarddatatothird-partysystemsd

Reply
Solved! Jump to solution

dmenon84
Path Finder
‎09-26-2016 08:17 AM

Hi,

If I forward the syslog to 3rd party system will I be able to keep the same info in my internal instance of Splunk as well?

Thanks,

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...