Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: Can splunk read data from unix stream socket?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gots
Path Finder
07-10-2018
06:45 AM
Is it possible to get data in splunk from unix stream socket?
Not tcp\udp socket, but socket like this - https://en.wikipedia.org/wiki/Berkeley_sockets
For example syslog-ng have this feature.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
brolo
Explorer
07-16-2018
10:04 PM
Why not use syslog-ng as a go between?
See this link: httpss://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
07-18-2018
05:00 AM
Splunk needs more tuning, upgrades and restarts than does syslog-ng so if you go directly to Splunk, without a buffer capability on the sending side, you will have far more data loss. You can update yslog-ng configurations with SIGHUP without a restart or data outage. You cannot do that with Splunk. Use syslog-ng.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
07-17-2018
01:26 PM
I concur with the consensus; see these excellent 2 posts:
http://www.georgestarcher.com/splunk-success-with-syslog/
https://gitlab.com/rationalcyber/syslog-ng-configuration/wikis/home
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
felipesewaybric
Contributor
07-17-2018
09:16 AM
try with syslog, check the https://docs.splunk.com/Documentation/StreamApp/7.1.2/DeployStreamApp/ProtocolDetection
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
brolo
Explorer
07-16-2018
10:04 PM
Why not use syslog-ng as a go between?
See this link: httpss://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vidhyaArumalla
Path Finder
07-17-2018
09:40 AM
I agree with @brolo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gots
Path Finder
07-17-2018
11:46 PM
I already done it with syslog-ng, but it seems that will be better do not create additional entities for simple task.
Python script also can help, but it is not ideal solution.
I had little hope that something miss in documentation.
Thank you all.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sjodle
Path Finder
07-17-2018
10:18 AM
I also agree. Alternatively, you could write a Bash or Python scripted input that reads the socket to stdout.
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
