Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to send logs from a Kiwi syslog server to Splunk?

rishabhey2016
Explorer
‎04-13-2016 07:40 PM

How to integrate Kiwi syslog server with Splunk? I mean what configuration changes are required to perform on the kiwi syslog server end.

0 Karma
Reply

rishabhey2016
Explorer
‎04-15-2016 10:59 PM

Thanks Jeremiah,

While all these links tell about installing a forwarder, we can directly use the feature in our kiwi syslog to forward logs to our splunk on any of the TCP port, which we can later configure in our splunk as well.

0 Karma
Reply

Jeremiah
Motivator
‎04-17-2016 07:12 AM

I wouldn't recommend that solution. You'd have to create multiple ports if you want to classify the data differently. With the forwarder that's easy, just create multiple monitor stanzas. The forwarder handles failures much better as well. A bare TCP listener won't properly handle loadbalancing across multiple Splunk servers nor will it gracefully handle connection failures.

Reply

jplumsdaine22
Influencer
‎04-18-2016 04:50 AM

`+ 1 to Jeremiah's comment.

Use the Force[warder] Luke!

0 Karma
Reply

Jeremiah
Motivator
‎04-13-2016 11:19 PM

This has been addressed several times, take a look at:

https://answers.splunk.com/answers/290158/how-do-i-send-data-from-kiwi-syslog-to-a-splunk-in.html
https://answers.splunk.com/answers/80134/what-is-the-easiest-way-to-get-data-from-a-kiwi-syslog-serv...

You may not need to change anything if your Kiwi server is currently writing to files with parseable timestamps. Just point Splunk at the files and you should be set.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...