Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Forwarding a Log File and Monitor Any Updates to that Log File

ericmoss
Explorer
‎02-02-2011 09:22 PM

I have a Linux server and a Windows server. My Windows server is the receiver and my Linux server is a forwarder. There is a specific log file that contains the logs I want to forward to Windows server. How do I do that?

The most important thing I would like to do is monitor that log file for any logs that get written to it. I do not want to keep uploading and forwarding that file as it grows to my Windows server. So any log that gets generated, I want to forward that to the Windows server rather than the whole file.

Any help is greatly appreciated. Thanks.

0 Karma
Reply

ericmoss
Explorer
‎02-03-2011 04:04 PM

I added [monitor:///var/log/logmessages] to the inputs.conf file. logmessages is the file where my logs are written to. Will this work?

Reply

Lowell
Super Champion
‎02-02-2011 09:50 PM

Looks like you are looking for basic Splunk forwarding and receiving functionality. I suggest you start with the following from the docs:

http://www.splunk.com/base/Documentation/latest/Admin/Enableforwardingandreceiving

BTW, splunk forwards the whole file the first time a new file is found (or when it's first setup as a monitor input), then after that only newly added log events are forwarded. Splunk doesn't keep re-copying the same file over and over again; if that's what you are asking about.

Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...