How to retrieve a file from sFTP and copy to Splun...

manojchacko78 · ‎06-01-2023

Hi,

I have the system logs being dumped in the sFTP server and would like to access them and move to local folders in Splunk server. Can you please share the script i can use for this?

manojchacko78 · ‎06-02-2023

Hi @gcusello

Yes that is correct and got universal forwarder in the sFTP server

It worked now.

gcusello · ‎06-02-2023

Hi @manojchacko78 ,

let us know if we can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors 😉

isoutamo · ‎06-01-2023

Hi

maybe this helps you https://github.com/splunk/splunk-add-on-for-sftp-files-downloader

I haven't try it, but basically you should have modular input which do the collection of logs from remote sFTP server.

r. Ismo

gcusello · ‎06-01-2023

Hi @manojchacko78,

let me understand:

you have an sFTP server with some files that you would read and index in Splunk, is it correct?

have you a Universal Forwarder on this server?

if yes, you don't need to move it, you can create an input and ingest it in Splunk without a copy on another folder or server.

Could you better describe your requirement?

Ciao.

Giuseppe

How to retrieve a file from sFTP and copy to Splunk folder?

CSV

universal forwarder

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation