Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Using Splunk Universal Forwarder to collect from ElasticSearch/Logstash

koshyk
Super Champion
‎11-02-2017 05:30 AM

one of our end-user clients have massive information stored in ELK stack. Our company needs to collect those data into Splunk using Splunk Universal forwarder . They can't send us fluentd due to firewall restrictions.

  • How can Splunk UF read from logstash? Does it have to query ELK api to do this?
  • Can Splunk UF do polling to get data on a regular basis?

Worse case I'm asking them to write the data into a file , but wanted to see Splunk UF native intergration to ELK if its present

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jayannah
Builder
‎12-17-2017 02:32 PM

Yes, you can do in multiple ways

  1. Configure logstash send the data over to Splunk using tcp output plugin and create tcp input on Splunk
  2. On logstash use http output plugin to send to Splunk
  3. Config logstash to write the events to log file and have Splunk forwards to read and send to Splunk indexes

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jayannah
Builder
‎12-17-2017 02:32 PM

Yes, you can do in multiple ways

  1. Configure logstash send the data over to Splunk using tcp output plugin and create tcp input on Splunk
  2. On logstash use http output plugin to send to Splunk
  3. Config logstash to write the events to log file and have Splunk forwards to read and send to Splunk indexes
0 Karma
Reply
Solved! Jump to solution

ragmenion
New Member
‎02-28-2020 06:19 AM

Hello Can you help with option 2. examples are appreciated

0 Karma
Reply
Solved! Jump to solution

ragmenion
New Member
‎02-28-2020 06:18 AM

Hi.
Can you help me with option too . i am not able to work that out. examples would help

0 Karma
Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎11-02-2017 07:15 AM

Interesting, a thread about the opposite direction - Can we use a Splunk universal forwarder to forward logs to an ELK server (Kibana)?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...