Solved: What is the best and fastest way to transport .log...

yangban · ‎04-25-2019

Hi we are trying to transport several .log files to a Forwarder by syslog.

We used some bash scripts to do so, but it was just way too slow for us.(nearly 1MB/min)

Is there anyone know a faster way?

Thanks.

FrankVl · ‎04-25-2019

You might want to take inspiration from this .conf17 talk: https://conf.splunk.com/conf-online.html?search=FN122172#/

Which uses a simple python script to send data to a HEC receiver.

Alternatively:
install a UF on the system where the log files are.
Or write a faster bash script (perhaps you can share what you had now).
Or configure an rsyslog/syslog-ng daemon to read from those files and then forward to a syslog receiver on the Forwarder.

View solution in original post

FrankVl · ‎04-25-2019

You might want to take inspiration from this .conf17 talk: https://conf.splunk.com/conf-online.html?search=FN122172#/

Which uses a simple python script to send data to a HEC receiver.

Alternatively:
install a UF on the system where the log files are.
Or write a faster bash script (perhaps you can share what you had now).
Or configure an rsyslog/syslog-ng daemon to read from those files and then forward to a syslog receiver on the Forwarder.

yangban · ‎04-25-2019

Thanks! I might try HEC!

What is the best and fastest way to transport .log files by syslog?

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Join the Conversation

What is the best and fastest way to transport .log files by syslog?

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience