Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Ingesting logs from rsyslog

awslabspl
Observer
‎02-09-2021 06:46 AM

Im furious............

2 hosts ( physical ) :: both Ubuntu Server. Read about Splunk and how dibi **bleep**s GHA ( soim)

 

Host #1: Installed Splunk as in docs, !!!!!!!!!!!!!

Host #2: created FREE Splunk cloud,

Configured everything as in docs.

 

No **bleep**ing logs.

 

HELP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-09-2021 07:44 AM

Hi @awslabspl,

let me understand better because you shared few informations:

  • you have a physical host that's receiving syslogs with rsyslog,
  • rsyslog receives sysloigs and writes them in files,
  • you want to read thes logs and send them to. Splunk;

is it correct?

If yes, some questions:

  • to which Splunk do you want to send logs: Splunk Cloud or on premise?
  • what do you mean saying: "Host #2: created FREE Splunk cloud"?
  • the rsyslog server is one of host 1 or host 2 or it's in another host?
  • what's your architecture?

In few words:

  • you can use one of the servers are syslog server and the second as Splunk All-in-one,
  • or you can use an host both as rsyslog server and Splunk All-in-one.

At firest obviously, you have to check if the rsyslog server is writing syslogs in files.

Then if you have all in the same host (rsyslog and Splunk) you have to configure inputs on Splunk.

If instead you are using two servers, you have to install another Splunk as Heavy Forwarder or a Universal Forwarder on the rsyslog server that sends logs to the Splunk.

In both cases see at https://docs.splunk.com/Documentation/Splunk/8.1.2/Data/Getstartedwithgettingdatain how to ingest data.

Ciao.

Giuseppe

0 Karma
Reply

awslabspl
Observer
‎02-09-2021 09:56 AM

@gcusello thanks for the answer. I will not go into details as of my arch.

On the other hand Im 99% sure I will look for other log-management solution.

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-09-2021 11:29 PM

Hi @awslabspl,

I don't know why you's so sure to use another solution when the most customers are using Splunk!

Anyway, tell me if you want to continue the analysis of your Use Case.

Ciao and good luck with another solution.

Giuseppe

0 Karma
Reply

awslabspl
Observer
‎02-09-2021 06:50 AM

No answer??????????????????????????

 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Level Up Your .conf25: Splunk Arcade Comes to Boston

With .conf25 right around the corner in Boston, there’s a lot to look forward to — inspiring keynotes, ...

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Although it might seem daunting, as we’ve seen in this series, manual instrumentation can be straightforward ...

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Ready to make your IT operations smarter and more efficient? Discover how to automate Splunk alerts with Red ...