Solved: Re: How can i automate indexing of logs to splunk ... - Page 2

sahoo0233 · ‎06-04-2015

Hi everyone,

My everyday process is to upload logs to splunk web and take a report and analyse it.

So in this, 1st logs will be getting delivered from a third party to our internal splunk server(Unix box) , so from here i extract the required data and make duplicate logs.
Then i sign in to splunk web and add data i.e., upload all the duplicate logs (indexing).

So my question is, all this is manual process. So how can i automate this thing in the server(unix box) so that it automatically indexes to splunk web???

jackson1990 · ‎06-04-2015

Hi @sahoo0233,
To Automate indexing of logs,follow the below steps:
*Create a file named inputs.conf in $SPLUNK_HOME/etc/system/local/
*Add the following stanza in the file

[monitor://path]
disabled=false
followTail=true
host={YOUR-HOST-NAME}
index={Index-Name}(include this line if you have created an index for your requirement,or else skip,it ll go to default index)
sourcetype={SourceType-Name}

For EX:

[monitor:///opt/IBM/WebSphere/Plugins/logs/server.log]
disabled=false
followTail=true
host=sample-pc
index=public60
sourcetype=serverLog

After doing the above configurations,restart splunk using the command splunk restart in $SPLUNK_HOME/bin/.
Hope this is what u are expecting.let me know if you face any problems.

View solution in original post

sahoo0233 · ‎06-04-2015

Thanks rich, ill try it 🙂

sahoo0233 · ‎06-04-2015

If possible any link or video you can get for me so that i will be having a bettr understanding

How can i automate indexing of logs to splunk web?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!