Getting Data In

How does Splunk get logs from Linux or Windows servers?

cyberportnoc
Explorer

i am a beginner

how do splunk get log from linux server or window server?

do (Active) splunk actively get log from linux server or window server or (Passive) linux server or window server send log to splunk actively ?

if splunk actively get log from linux server or window server , where can i configure this server list in splunk?
if linux server or window server send log to splunk that get log passively, what is the command and format do i need to send this log

can i send window server log with python script using udp to send to splunk like send to syslog of linux ?
what is the ip address and port i need to send

0 Karma

gcusello
Legend

Hi cyberportnoc,
as suggested by esix, see http://docs.splunk.com/Documentation/Splunk/latest/Data/WhatSplunkcanmonitor.

The easiest way is to install a Universal forwarder on you server to monitor and deploy on each one two Technical Add-Ons (TAs):

In these TAs you can find all the scripts and monitoring stanzas to monitor all your servers.
The only activity you have to do is choose what do you need (wineventogs, processes, installed softwares, perfmon, etc...) and enable the related stanzas of inputs.conf changing disabled=1 in disabled=0 in the requested stanzas.

I have only two recommendations:
- analyze your requests before start your activity because you could have too logs and exceed your license;
- if you have to configure a production environment with many servers use a Deployment Server to deploy TAs in your monitored servers ( http://docs.splunk.com/Documentation/Splunk/7.0.0/Updating/Aboutdeploymentserver ).

Bye.
Giuseppe

esix_splunk
Splunk Employee
Splunk Employee

I think you should read docs on how to Get Data into Splunk, here is a great starting point : http://docs.splunk.com/Documentation/Splunk/7.0.0/Data/WhatSplunkcanmonitor .

In a nutshell, there is an agent (Universal Forwarder) that you deploy. On this agent, you tell it what to collect and where to send it.

cyberportnoc
Explorer

i find previous peer's guideline, he use add data -> upload, it upload a zip file and then choose server
but what is this zip file, what do it zip?

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

That would be a zip file from a server, and it contains log files. If you dont know what ZIP, or archive files are, you should spend sometime on your favorite search engine to understand archive files.

0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...