Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Onboard unknown source SC4S

johnansett
Communicator
‎11-25-2020 09:45 AM

Hello Splunkers!

We have deployed SC4S and it works fine for Trend but we're now using it for VPN (Aviatrix) which doesn't have a prebuilt source.

Data coming into main on the fallback so we're good to go, but looking for details on HOW to add custom sources.  I've been through https://splunk-connect-for-syslog.readthedocs.io/en/master/ many times but nothing really explains it.

We've deployed Bring Your Own Environment and everything is under /etc/syslog-ng.

Would really appreciate some steps on how to add new source!

Thanks

Labels (1)
Labels
0 Karma
Reply
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!