Hi,
I have a Digital Guardian (DG) tool installed on around 10 systems to prevent data leakage. The DG tool generates the activity log every Monday, and there is a team who uploads those logs to the library; every time, we download the logs from that library and import them into SPLUNK.
Please let me know: whatever logs are generated by the DG tool, I want all of them to be imported directly into SPLUNK (meaning: logs will be generated by the DG tool and automatically fed to SPLUNK). I don't wish to download the log and then import it into SPLUNK; instead I want the logs to be imported directly.
Please help me to solve this problem.
Your help is very much appreciated in this regard.
Have a read of this;
http://docs.splunk.com/Documentation/Splunk/5.0.1/Deploy/Aboutforwardingandreceivingdata
It should hopefully answer most of your questions, if you hit a snag then just post back 🙂
I was just asking: the DG tool generates a set of files every Monday that I want to import directly into my SPLUNK server. How could it be done? Please suggest some solutions.
I'm not sure how this question really relates to Splunk - isn't it more a matter of how Digital Guardian logs can be extracted? If so, wouldn't it be better to ask in a forum for the Digital Guardian product?
You can definitely do that.
You could use http://splunk-base.splunk.com/apps/50803/splunk-db-connect from the indexer to connect directly, or use heavy forwarders to potentially connect remotely and forward the data. I haven't really explored how it functions yet.
Is it possible to connect SPLUNK forwarders to the SQL server, so that it will run a query to fetch the data and that data will be sent directly to the SPLUNK server?
Please help!!
???
You've been around for quite some time here and you don't know how Splunk licensing works? The Universal Forwarder can be downloaded free of charge from http://www.splunk.com/download/universalforwarder
You mean to say that I should have "forwarders" installed on all those 10 servers too, so that they could collect the data generated by the DG tool and forward it to the SPLUNK server directly for processing? If this is so, do I need to pay anything to get the SPLUNK forwarders? Please suggest.