Getting Data In

Scripting to pull in logs from a URL

minton55
New Member

I am trying to create a script that will retrieve and index Apache server logs but have been unable to figure out how to do it. I am not able to place a forwarder on the machine, but I do have HTTP access to the log directory. I have tried creating a script to pull down the log files using WGET (DOS, Windows), and I get it to pull down the files, but I cannot figure out how to get Splunk to index them. The files are compressed, so I have access_log_1.gz, access_log_2.gz, etc. I have placed the script in the $Splunk_Home\bin\scripts dir, and it points to a .bat file in $Splunk_Home\bin. The only line of the bat file is: "wget -r -nv -nH -A "*.gz" http://10.10.10.10:8001/logs/"

Can someone point me to documentation or examples that show how to do this? Do I have to create an App to do it? Or can I just use a script only?

Thank you for any insight you can provide.

0 Karma

lukeh
Contributor

We use rsync to copy the Apache logs from our web servers to our Splunk server...

You can download a Windows version of rsync from http://rsync.samba.org/download.html

FYI: cwRsync is a packaging of rsync for MS Windows

0 Karma

Brian_Osburn
Builder

Getting the logs to your Splunk server is only 1/2 of the battle. You have to set up a source to actually index the files. I'm making the assumption you are sticking these files somewhere else other than the scripts directory.

You will want to check out http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorfilesanddirectories for more information on setting up a monitor.

minton55
New Member

This is what I was missing. I am not able to do this in one script. I have to create a script that will pull over the files, and then set up a monitor on the directory to pull in the logs as they are written there.

Thank you.

0 Karma
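One way to write the "pull" half of the approach the thread settles on, as an added example that is not code from any of the posters: it fetches only files matching the `access_log_N.gz` names from the question, ignores any other link in the directory listing, and renames each download into place only once it is complete, so a monitor on the directory never reads a half-written archive. Assumptions: `SPOOL_DIR` is a hypothetical path that the Splunk monitor input points at, the server returns an HTML directory listing with relative links, and a rotated file name is never reused for different content.

```python
import os
import re
import tempfile
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urljoin

BASE_URL = "http://10.10.10.10:8001/logs/"       # URL from the question
SPOOL_DIR = r"D:\splunk_spool\apache"            # assumed path; the Splunk monitor input watches it
SAFE_NAME = re.compile(r"access_log_[0-9]+\.gz")  # naming scheme from the question

class LinkParser(HTMLParser):
    """Collect href values from a directory-listing page."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def wanted_files(index_html, already_have):
    """Return listed names that match the expected pattern and are not yet fetched."""
    parser = LinkParser()
    parser.feed(index_html)
    # fullmatch on the bare name rejects ../ paths, absolute URLs and other extensions
    names = {n for n in parser.links if SAFE_NAME.fullmatch(n)}
    return sorted(names - set(already_have))

def fetch(name, base_url=BASE_URL, spool_dir=SPOOL_DIR):
    """Download to a .part temp file, then rename; limit the monitor to .gz files."""
    fd, tmp = tempfile.mkstemp(dir=spool_dir, suffix=".part")
    try:
        with os.fdopen(fd, "wb") as out:
            with urllib.request.urlopen(urljoin(base_url, name), timeout=30) as resp:
                while chunk := resp.read(65536):
                    out.write(chunk)
        os.replace(tmp, os.path.join(spool_dir, name))
    except BaseException:
        os.unlink(tmp)  # do not leave a partial download behind
        raise

def main():
    os.makedirs(SPOOL_DIR, exist_ok=True)
    with urllib.request.urlopen(BASE_URL, timeout=30) as resp:
        listing = resp.read().decode("utf-8", "replace")
    for name in wanted_files(listing, os.listdir(SPOOL_DIR)):
        fetch(name)

if __name__ == "__main__":
    main()
```

Run it from a scheduled task, and keep the spool directory outside `$SPLUNK_HOME\bin\scripts` as the answer above suggests.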