Getting Data In

Multiple server logs indexing

ganeshgs
New Member

Hello,

We have our application in multiple servers, we need to index the log files.

two options to do that.

1) Using forwarder/receiver - do we need to install forwarder to all server or is there any way we can achieve this.
2) Using Shell script – coping the logs files to destination and indexing in SPLUNK.

Thanks,

Tags (1)
0 Karma

e82than
Communicator

I concur Lisa's suggestion. Using the forwarder will be useful when deploying in large enterprises. If you do not use scripted inputs, it will also allow business continuity. You can further use a deployment server, to manage it when you have too many forwarders to look at.

0 Karma

ganeshgs
New Member

One quick clarification. I guess even deployment server also suggest to install splunk instance in each servers.
So what if we hosted our application in cloud environment and have limited access to servers.

0 Karma

pioneer817
New Member

(spam removed)

0 Karma

lguinn2
Legend

I would install the forwarder on all the servers. It will be easier than using a shell script, and work better.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

You can make the forwarders point to individual server log files as well. For a large number of forwarders you can use the deployment server to roll out any configuration changes to similar forwarders in one go.

0 Karma

ganeshgs
New Member

But we run application on 21 servers on Load Balancing.
we are checking for any possibility in splunk to connect from receiver to other servers through SSH, like Putty.
By this way we can directly point to individual server log files through "Data Inputs >> files and directories" option and make splunk to listen to this logs and continuously collect data.

Thanks,

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...