Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Forwarding a Log File and Monitor Any Updates to that Log File

ericmoss
Explorer
‎02-02-2011 09:22 PM

I have a Linux server and a Windows server. My Windows server is the receiver and my Linux server is a forwarder. There is a specific log file that contains the logs I want to forward to Windows server. How do I do that?

The most important thing I would like to do is monitor that log file for any logs that get written to it. I do not want to keep uploading and forwarding that file as it grows to my Windows server. So any log that gets generated, I want to forward that to the Windows server rather than the whole file.

Any help is greatly appreciated. Thanks.

0 Karma
Reply

ericmoss
Explorer
‎02-03-2011 04:04 PM

I added [monitor:///var/log/logmessages] to the inputs.conf file. logmessages is the file where my logs are written to. Will this work?

Reply

Lowell
Super Champion
‎02-02-2011 09:50 PM

Looks like you are looking for basic Splunk forwarding and receiving functionality. I suggest you start with the following from the docs:

http://www.splunk.com/base/Documentation/latest/Admin/Enableforwardingandreceiving

BTW, splunk forwards the whole file the first time a new file is found (or when it's first setup as a monitor input), then after that only newly added log events are forwarded. Splunk doesn't keep re-copying the same file over and over again; if that's what you are asking about.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...