Getting Data In

Syslog configuration

niha1318
New Member

Hi

Need help on Syslog configuration setup. actually they are appliances with Linux OS. Any best practices would be very helpful.

Is this setup needs to be on H.F? Or any other recommendations?

Is there any Apps/Add-on's?

Thanks,

0 Karma

mdsnmss
SplunkTrust
SplunkTrust

Hi niha1318.

There are a few good resources on this but I definitely recommend taking a look at a couple of Splunk .Conf sessions on the topic. If you go to https://conf.splunk.com/conf-online.html and search for FN1616 and FN123102 there are some good talks about getting syslog set up for Splunk. If you join the Splunk Community Slack channel (https://splk.it/slack) there are several channels dedicated to syslog as well.

You have the option of using a HF or UF but you want to avoid the HF if you can. The UF will be better for load balancing in a distributed environment and HF will increase resource usage and data sent across the network. If all you are doing is forwarding the data to your indexer(s) you can just use a UF. The apps/add-ons also depend on the data on syslog and whether or not you use a HF. If you use a heavy forwarder all of your parsing add-ons for the data on syslog would need to reside on the HF. Most add-ons will tell you whether or not they should be placed on a forwarder so it all depends on the kind of data you will be getting through syslog.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...