Getting Data In
Highlighted

How to get data from Remote Server?

Explorer

Hi All,

I am new to Splunk.

We have central server where different types of logs are generated.

How can I register or give reference of that Remote Server's URL in Splunk?
(i.e. :/server/logs/)

I want to register server url in Splunk so each time it fetches the updated indexed log details.

Thanks.

Highlighted

Re: How to get data from Remote Server?

Legend

You'll need to post more details on the remote server. How are the logs on it accessed? Through CIFS, HTTP, FTP, ...

0 Karma
Highlighted

Re: How to get data from Remote Server?

Splunk Employee
Splunk Employee

You'll need a forwarder installed on that server so that the logs can get sent to Splunk to be indexed and searched centrally.

http://docs.splunk.com/Documentation/Splunk/latest/Data/Usingforwardingagents

Highlighted

Re: How to get data from Remote Server?

Explorer

I have installed forwarder.

0 Karma
Highlighted

Re: How to get data from Remote Server?

Legend

OK. Where? What part of the setup are you struggling with?

0 Karma
Highlighted

Re: How to get data from Remote Server?

Explorer

while installing it ask for host detail two times with default port numbers, just to know where I can give my server details.

0 Karma
Highlighted

Re: How to get data from Remote Server?

Splunk Employee
Splunk Employee
0 Karma
Highlighted

Re: How to get data from Remote Server?

Explorer

I have look into configuration files. Also I need to refer above links to check with my setup.

0 Karma
Highlighted

Re: How to get data from Remote Server?

Splunk Employee
Splunk Employee

Please post your configuration file settings for forwarding and receiving and maybe that will let us help you on this issue.

Look in /etc/system/local/inputs.conf

On the forwarder look in /etc/system/local/outputs.conf

0 Karma
Highlighted

Re: How to get data from Remote Server?

Explorer

Just checking configuration and installation, After installing the forwarder on my machine, I can see, before only Splunk folder was there and now another folder SplunkForwarder is created. So there are two setup folders now, is this expected? Or I am missing something?

0 Karma