How to send logs to multiple Windows 2008 R2 serve...

khalilrg4 · ‎04-15-2015

I am EXTREMELY new to Splunk and I need to send my logs to multiple log servers without bringing my Splunk to the ground. ---- How can I do this?

Here the case.
- Using Splunk for my logging
- Need to have the logs that are feeding to Splunk also feed to a SIEM
- Tried this once already and Splunk basically dies

juvetm · ‎04-15-2015

hi khaling4
You can use Attach task to this log or simply create a new scheduled task.
Use the trigger When a specific event is logged
Choose the log you want to monitor (you can choose multiple logs in the advanced task settings)
Set the action to Send an e-mail (and provide the nescessary information)
If you want any error sending a message you have to refine the trigger. Edit the trigger and choose custom. Then you have to press the button new event filter...

Tick Error in the error level part
In the drop down menu by log you can choose the log you want to monitor
With this event filter you get a message for each error that occurs.

khalilrg4 · ‎04-15-2015

Got it, but this is not for a specific event. It's essentially to allow for a secondary - non-Splunk logger to get the information being sent to Splunk from Splunk.

As you can tell I am completely new to this.

How to send logs to multiple Windows 2008 R2 servers?

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update