Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Ingesting logs from rsyslog

awslabspl
Observer
‎02-09-2021 06:46 AM

Im furious............

2 hosts ( physical ) :: both Ubuntu Server. Read about Splunk and how dibi **bleep**s GHA ( soim)

 

Host #1: Installed Splunk as in docs, !!!!!!!!!!!!!

Host #2: created FREE Splunk cloud,

Configured everything as in docs.

 

No **bleep**ing logs.

 

HELP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-09-2021 07:44 AM

Hi @awslabspl,

let me understand better because you shared few informations:

  • you have a physical host that's receiving syslogs with rsyslog,
  • rsyslog receives sysloigs and writes them in files,
  • you want to read thes logs and send them to. Splunk;

is it correct?

If yes, some questions:

  • to which Splunk do you want to send logs: Splunk Cloud or on premise?
  • what do you mean saying: "Host #2: created FREE Splunk cloud"?
  • the rsyslog server is one of host 1 or host 2 or it's in another host?
  • what's your architecture?

In few words:

  • you can use one of the servers are syslog server and the second as Splunk All-in-one,
  • or you can use an host both as rsyslog server and Splunk All-in-one.

At firest obviously, you have to check if the rsyslog server is writing syslogs in files.

Then if you have all in the same host (rsyslog and Splunk) you have to configure inputs on Splunk.

If instead you are using two servers, you have to install another Splunk as Heavy Forwarder or a Universal Forwarder on the rsyslog server that sends logs to the Splunk.

In both cases see at https://docs.splunk.com/Documentation/Splunk/8.1.2/Data/Getstartedwithgettingdatain how to ingest data.

Ciao.

Giuseppe

0 Karma
Reply

awslabspl
Observer
‎02-09-2021 09:56 AM

@gcusello thanks for the answer. I will not go into details as of my arch.

On the other hand Im 99% sure I will look for other log-management solution.

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-09-2021 11:29 PM

Hi @awslabspl,

I don't know why you's so sure to use another solution when the most customers are using Splunk!

Anyway, tell me if you want to continue the analysis of your Use Case.

Ciao and good luck with another solution.

Giuseppe

0 Karma
Reply

awslabspl
Observer
‎02-09-2021 06:50 AM

No answer??????????????????????????

 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...