Getting Data In

Ingesting logs from rsyslog

awslabspl
Observer

Im furious............

2 hosts ( physical ) :: both Ubuntu Server. Read about Splunk and how dibi **bleep**s GHA ( soim)

 

Host #1: Installed Splunk as in docs, !!!!!!!!!!!!!

Host #2: created FREE Splunk cloud,

Configured everything as in docs.

 

No **bleep**ing logs.

 

HELP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Labels (1)
Tags (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @awslabspl,

let me understand better because you shared few informations:

  • you have a physical host that's receiving syslogs with rsyslog,
  • rsyslog receives sysloigs and writes them in files,
  • you want to read thes logs and send them to. Splunk;

is it correct?

If yes, some questions:

  • to which Splunk do you want to send logs: Splunk Cloud or on premise?
  • what do you mean saying: "Host #2: created FREE Splunk cloud"?
  • the rsyslog server is one of host 1 or host 2 or it's in another host?
  • what's your architecture?

In few words:

  • you can use one of the servers are syslog server and the second as Splunk All-in-one,
  • or you can use an host both as rsyslog server and Splunk All-in-one.

At firest obviously, you have to check if the rsyslog server is writing syslogs in files.

Then if you have all in the same host (rsyslog and Splunk) you have to configure inputs on Splunk.

If instead you are using two servers, you have to install another Splunk as Heavy Forwarder or a Universal Forwarder on the rsyslog server that sends logs to the Splunk.

In both cases see at https://docs.splunk.com/Documentation/Splunk/8.1.2/Data/Getstartedwithgettingdatain how to ingest data.

Ciao.

Giuseppe

0 Karma

awslabspl
Observer

@gcusello thanks for the answer. I will not go into details as of my arch.

On the other hand Im 99% sure I will look for other log-management solution.

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @awslabspl,

I don't know why you's so sure to use another solution when the most customers are using Splunk!

Anyway, tell me if you want to continue the analysis of your Use Case.

Ciao and good luck with another solution.

Giuseppe

0 Karma

awslabspl
Observer

No answer??????????????????????????

 

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...