Hi Icrielaa,
I can not access the web server,I can only access the url,and I thought wget is not the best way,but it seems it's the only way to do that.I hope there's a APP to make it.
Thanks for your reply.
There's several ways to do this but it depends on how you have access to this file:
If you have direct access to the server, you could install a universal forwarder to monitor the file and forward it to your Splunk server.
You could write a scripted input that would pickup the file (wget/ftp/scp?) and then load it into Splunk. Mind you that this wouldn't take care of duplicate entries so you'd have to arrange this sanity check yourself.
If the server that has your file runs syslog (or rsyslog, or syslog-ng) you can possibly have the file sent to your Splunk server via syslog. This would require you enabling port 514 UDP/TCP (depending on the type of syslog) on your Splunk server.
If the server that has the logfile can export the filesystem it has the logfile on, you can then mount the filesystem on your Splunk server (CIFS/SMB/NFS?) and ingest the file as if it was a local file. This will set the host variable to the local Splunk server so you might want to overwrite that with the remote server name.
As far as I know, there's no input for Splunk to monitor a file directly over HTTP from within Splunk itself.
