Im furious............
2 hosts ( physical ) :: both Ubuntu Server. Read about Splunk and how dibi **bleep**s GHA ( soim)
Host #1: Installed Splunk as in docs, !!!!!!!!!!!!!
Host #2: created FREE Splunk cloud,
Configured everything as in docs.
No **bleep**ing logs.
HELP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Hi @awslabspl,
let me understand better because you shared few informations:
is it correct?
If yes, some questions:
In few words:
At firest obviously, you have to check if the rsyslog server is writing syslogs in files.
Then if you have all in the same host (rsyslog and Splunk) you have to configure inputs on Splunk.
If instead you are using two servers, you have to install another Splunk as Heavy Forwarder or a Universal Forwarder on the rsyslog server that sends logs to the Splunk.
In both cases see at https://docs.splunk.com/Documentation/Splunk/8.1.2/Data/Getstartedwithgettingdatain how to ingest data.
Ciao.
Giuseppe
@gcusello thanks for the answer. I will not go into details as of my arch.
On the other hand Im 99% sure I will look for other log-management solution.
Hi @awslabspl,
I don't know why you's so sure to use another solution when the most customers are using Splunk!
Anyway, tell me if you want to continue the analysis of your Use Case.
Ciao and good luck with another solution.
Giuseppe
No answer??????????????????????????