Getting Data In

Configuring forwarding from splunk to an external syslog server

jmunroe
New Member

Hello,

What is the recommended method of forwarding all splunk inputs to an external syslog server listening on UDP/514?

Our setup in question is a Full Splunk 6.0 implementation and has multiple data inputs listening on multiple ports (514-520) logging data into multiple Source Types and Indexes.

I am looking for the recommended configuration within Splunk to forward all that data (no filtering required) to an external syslog server (SIEMC).

Thanks!!

0 Karma

psow_splunk
Splunk Employee
Splunk Employee

If no filtering is require, you can just edit outputs.conf:

Edit outputs.conf to specify receiving host/IP and port
[syslog:my_target_grp]
type = tcp (Optional)
server = 192.168.0.1:514

0 Karma

matt
Splunk Employee
Splunk Employee

Check out this Answers topic: Output syslog to external
Here is the relevant section of the documentation: Forward data to third party systems -- Syslog data

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...

span_metrics: The OpenTelemetry-Idiomatic Way to See Inside Your Services

You open a trace in Splunk Observability Cloud and everything looks fine. One root span, order-pipeline, with ...