Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Impact of installing syslog-ng in universal forwarder

ankithnageshshe
Path Finder
‎11-14-2018 12:38 PM

Hello Splunkers,

I have a requirement wherein I need to forward the data to the third-party system apart from sending logs to Splunk.

What is the impact of having syslog-ng along with universal forwarder that sends almost the same amount (mostly 75% same data) to a third party system?

Will this have a performance issue like "parsing queue getting filled" / network bandwidth consumption.

Which is the best way to integrate splunk to third party system.?

0 Karma
Reply

pruthvikrishnap
Contributor
‎11-14-2018 03:31 PM

Hi Ankith,

What is the impact of having syslog-ng along with universal forwarder that sends almost the same amount (mostly 75% same data) to a third party system?
Splunk has the capability of forwarding logs to third party applications in raw syslog format, its obviously a performance hit when you plan to use both Splunk and syslog for accomplishing the same task.

Will this have a performance issue like "parsing queue getting filled" / network bandwidth consumption.
https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html

Which is the best way to integrate splunk to third party system.?
It depends on the third party applications which you are planning to forward logs to.
https://docs.splunk.com/Documentation/Splunk/7.2.0/Forwarding/Forwarddatatothird-partysystemsd

0 Karma
Reply

ankithnageshshe
Path Finder
‎11-15-2018 09:46 AM

Thanks Pruthvi for the reply.

0 Karma
Reply

frobert
New Member
‎11-15-2018 12:53 AM

Hi,
You probably do not need both the universal forwarder and syslog-ng, you can forward logs to Splunk and third-party systems with syslog-ng alone.

0 Karma
Reply

ankithnageshshe
Path Finder
‎11-15-2018 09:46 AM

Thanks Robert for the reply

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...

Application management with Targeted Application Install for Victoria Experience

Experience a new era of flexibility in managing your Splunk Cloud Platform apps! With Targeted Application ...