How to send logs from a Kiwi syslog server to Splunk?

How to integrate Kiwi syslog server with Splunk? I mean, what configuration changes need to be made on the Kiwi syslog server end?

Thanks Jeremiah,
While all these links talk about installing a forwarder, we can directly use the feature in our Kiwi syslog to forward logs to our Splunk on any TCP port, which we can later configure in our Splunk as well.
I wouldn't recommend that solution. You'd have to create multiple ports if you want to classify the data differently. With the forwarder that's easy, just create multiple monitor stanzas. The forwarder handles failures much better as well. A bare TCP listener won't properly handle load balancing across multiple Splunk servers, nor will it gracefully handle connection failures.

+1 to Jeremiah's comment.
Use the Force[warder] Luke!
This has been addressed several times, take a look at:
https://answers.splunk.com/answers/290158/how-do-i-send-data-from-kiwi-syslog-to-a-splunk-in.html
https://answers.splunk.com/answers/80134/what-is-the-easiest-way-to-get-data-from-a-kiwi-syslog-serv...
You may not need to change anything if your Kiwi server is currently writing to files with parseable timestamps. Just point Splunk at the files and you should be set.
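
The two approaches discussed in this thread, sketched as Splunk configuration. This is an added example, not from any of the posters; every path, index, sourcetype, host name and port below is an assumed placeholder.

```ini
# --- Option A: bare TCP input (inputs.conf on the Splunk server) ---
# Kiwi forwards straight to a listening port. Classification is per port,
# so each data type needs its own port and its own Kiwi forwarding action.
[tcp://5514]
sourcetype = syslog
index = network
connection_host = ip

[tcp://5515]
sourcetype = firewall_syslog
index = firewall
connection_host = ip

# --- Option B: universal forwarder installed on the Kiwi host ---
# inputs.conf on the forwarder: one monitor stanza per class of log file
# that Kiwi already writes to disk. No extra listening ports are needed.
[monitor://D:\KiwiLogs\switches\*.txt]
sourcetype = syslog
index = network

[monitor://D:\KiwiLogs\firewalls\*.txt]
sourcetype = firewall_syslog
index = firewall

# outputs.conf on the forwarder: listing several indexers lets the
# forwarder balance across them and fail over when one is unreachable.
# useACK makes it resend data that an indexer never acknowledged.
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = idx1.example.com:9997, idx2.example.com:9997
useACK = true
```

With Option B, the Kiwi log files double as an on-disk buffer: if the forwarder or the indexers are down, the forwarder resumes from where it stopped reading once the connection returns.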
