Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Getting Data In
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: Using Splunk Universal Forwarder to collect fr...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
koshyk
Super Champion
11-02-2017
05:30 AM
one of our end-user clients have massive information stored in ELK stack. Our company needs to collect those data into Splunk using Splunk Universal forwarder . They can't send us fluentd due to firewall restrictions.
- How can Splunk UF read from logstash? Does it have to query ELK api to do this?
- Can Splunk UF do polling to get data on a regular basis?
Worse case I'm asking them to write the data into a file , but wanted to see Splunk UF native intergration to ELK if its present
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jayannah
Builder
12-17-2017
02:32 PM
Yes, you can do in multiple ways
- Configure logstash send the data over to Splunk using tcp output plugin and create tcp input on Splunk
- On logstash use http output plugin to send to Splunk
- Config logstash to write the events to log file and have Splunk forwards to read and send to Splunk indexes
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jayannah
Builder
12-17-2017
02:32 PM
Yes, you can do in multiple ways
- Configure logstash send the data over to Splunk using tcp output plugin and create tcp input on Splunk
- On logstash use http output plugin to send to Splunk
- Config logstash to write the events to log file and have Splunk forwards to read and send to Splunk indexes
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ragmenion
New Member
02-28-2020
06:19 AM
Hello Can you help with option 2. examples are appreciated
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ragmenion
New Member
02-28-2020
06:18 AM
Hi.
Can you help me with option too . i am not able to work that out. examples would help
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ddrillic
Ultra Champion
11-02-2017
07:15 AM
Interesting, a thread about the opposite direction - Can we use a Splunk universal forwarder to forward logs to an ELK server (Kibana)?
Get Updates on the Splunk Community!
Splunk MCP & Agentic AI: Machine Data Without Limits
Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...
Finding Based Detections General Availability
Overview
We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...
Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience
Hands-On Learning and Technical Seminars
Sometimes, you just need to see the code. For those looking for a ...
