Getting Data In

Impact of installing syslog-ng in universal forwarder

ankithnageshshe
Path Finder

Hello Splunkers,

I have a requirement wherein I need to forward the data to the third-party system apart from sending logs to Splunk.

What is the impact of having syslog-ng along with universal forwarder that sends almost the same amount (mostly 75% same data) to a third party system?

Will this have a performance issue like "parsing queue getting filled" / network bandwidth consumption.

Which is the best way to integrate splunk to third party system.?

0 Karma

pruthvikrishnap
Contributor

Hi Ankith,

What is the impact of having syslog-ng along with universal forwarder that sends almost the same amount (mostly 75% same data) to a third party system?
Splunk has the capability of forwarding logs to third party applications in raw syslog format, its obviously a performance hit when you plan to use both Splunk and syslog for accomplishing the same task.

Will this have a performance issue like "parsing queue getting filled" / network bandwidth consumption.
https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html

Which is the best way to integrate splunk to third party system.?
It depends on the third party applications which you are planning to forward logs to.
https://docs.splunk.com/Documentation/Splunk/7.2.0/Forwarding/Forwarddatatothird-partysystemsd

0 Karma

ankithnageshshe
Path Finder

Thanks Pruthvi for the reply.

0 Karma

frobert
New Member

Hi,
You probably do not need both the universal forwarder and syslog-ng, you can forward logs to Splunk and third-party systems with syslog-ng alone.

0 Karma

ankithnageshshe
Path Finder

Thanks Robert for the reply

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...