How to retrieve a file from sFTP and copy to Splun...

manojchacko78 · ‎06-01-2023

Hi,

I have the system logs being dumped in the sFTP server and would like to access them and move to local folders in Splunk server. Can you please share the script i can use for this?

manojchacko78 · ‎06-02-2023

Hi @gcusello

Yes that is correct and got universal forwarder in the sFTP server

It worked now.

gcusello · ‎06-02-2023

Hi @manojchacko78 ,

let us know if we can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors 😉

isoutamo · ‎06-01-2023

Hi

maybe this helps you https://github.com/splunk/splunk-add-on-for-sftp-files-downloader

I haven't try it, but basically you should have modular input which do the collection of logs from remote sFTP server.

r. Ismo

gcusello · ‎06-01-2023

Hi @manojchacko78,

let me understand:

you have an sFTP server with some files that you would read and index in Splunk, is it correct?

have you a Universal Forwarder on this server?

if yes, you don't need to move it, you can create an input and ingest it in Splunk without a copy on another folder or server.

Could you better describe your requirement?

Ciao.

Giuseppe

How to retrieve a file from sFTP and copy to Splunk folder?

CSV

universal forwarder

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms