Splunk Forwarder and Receiver Problem

mehal
New Member

Hi All,

I am trying to set up a system where I need to get data from my storage server, Y, onto a Splunk instance running on a different server, which we'll call X. The only way (probably) I can access Y is to mount it on server X. Once mounted, I can access data on server Y.

Now, as far as I understood the process, I need to install a Splunk forwarder on server Y so that I can receive data on my Splunk receiver, which is on server X. But I am really stuck on how I can install/deploy a Splunk forwarder on server Y with access only from server X.

Please help me clarify points from above which possibly you did not understand.

Mehal

0 Karma

Ayn
Legend

If you can mount the storage from Y onto X, you don't need to install a forwarder on Y. Just set up the mount properly so there's a file system path on X that can be used for accessing Y's storage, then set up your forwarder on X to monitor that path.

0 Karma

mehal
New Member

Yes, I tried following that but it isn't helping me much.
I did the below to the inputs.conf and outputs.conf files:

In SplunkForwarder:
I edited outputs.conf with the following

[monitor://mnt/cloudstorage/unzipped_data]
_TCP_ROUTING = *
index = _internal
sourcetype=airtime_csv

Edited inputs.conf with the following
[tcpout:splunkindexer]
server = ipaddress:9997

In Splunk:
I edited outputs.conf with the following

Edited inputs.conf with below
[splunktcp:9997]

and nothing for outputs.conf

But it's not working out. Also, do we change the above files in the /etc/system/local directory or the /etc/system/default directory?

0 Karma

Ayn
Legend

It's covered pretty well in the docs, so my suggestion is for you to have a look there, and if you encounter any specific issues you're free to ask questions here on splunkbase.

0 Karma

mehal
New Member

Hi Ayn,
I mounted the storage with the following command.
mount -t cifs //hostname/dirc /mnt/dirname -o user=user,pass=pass
Also, I tried installing a forwarder on X and did something with outputs.conf and inputs.conf, but that doesn't seem to help either. Considering I mounted the drive correctly, can you help me out with configuring the outputs.conf and inputs.conf files of the forwarder and receiver?

0 Karma
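A working layout for the setup discussed in this thread, added here as an example and not taken from any post above: the monitor stanza belongs in the forwarder's inputs.conf, the tcpout stanzas in its outputs.conf, and the receiver listens with a splunktcp stanza. The index name `airtime`, the `<indexer-ip>` placeholder, the credentials file path and the choice of /mnt/cloudstorage as the mount point are assumptions.

```ini
# Mount Y's share on the forwarder host (run as root). Assumed variant of the
# command in the thread: read-only, with the SMB username/password kept in a
# root-only file instead of on the command line (visible in process listings
# and shell history). /root/.smbcred is a hypothetical path.
#   mount -t cifs //hostname/dirc /mnt/cloudstorage -o credentials=/root/.smbcred,ro

# ---- Forwarder: $SPLUNK_HOME/etc/system/local/inputs.conf ----
# Edit files under local, never under default: default holds the shipped
# settings and is overwritten on upgrade.
# monitor:// followed by the absolute path /mnt/... gives three slashes.
[monitor:///mnt/cloudstorage/unzipped_data]
# Assumed custom index; it must already exist on the receiver.
# _internal is reserved for Splunk's own logs.
index = airtime
sourcetype = airtime_csv
disabled = false

# ---- Forwarder: $SPLUNK_HOME/etc/system/local/outputs.conf ----
[tcpout]
defaultGroup = splunkindexer

[tcpout:splunkindexer]
# Placeholder: address of the receiving Splunk instance and its listening port.
server = <indexer-ip>:9997

# ---- Receiver: $SPLUNK_HOME/etc/system/local/inputs.conf ----
# Listen for forwarder traffic on the same port the forwarder sends to.
[splunktcp://9997]
disabled = false
```

Restart Splunk on both sides after editing so the new stanzas are loaded. The account the forwarder runs as needs read access to the mounted path.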