Solved: What is the best and fastest way to transport .log...

yangban · ‎04-25-2019

Hi we are trying to transport several .log files to a Forwarder by syslog.

We used some bash scripts to do so, but it was just way too slow for us.(nearly 1MB/min)

Is there anyone know a faster way?

Thanks.

FrankVl · ‎04-25-2019

You might want to take inspiration from this .conf17 talk: https://conf.splunk.com/conf-online.html?search=FN122172#/

Which uses a simple python script to send data to a HEC receiver.

Alternatively:
install a UF on the system where the log files are.
Or write a faster bash script (perhaps you can share what you had now).
Or configure an rsyslog/syslog-ng daemon to read from those files and then forward to a syslog receiver on the Forwarder.

View solution in original post

FrankVl · ‎04-25-2019

You might want to take inspiration from this .conf17 talk: https://conf.splunk.com/conf-online.html?search=FN122172#/

Which uses a simple python script to send data to a HEC receiver.

Alternatively:
install a UF on the system where the log files are.
Or write a faster bash script (perhaps you can share what you had now).
Or configure an rsyslog/syslog-ng daemon to read from those files and then forward to a syslog receiver on the Forwarder.

yangban · ‎04-25-2019

Thanks! I might try HEC!

What is the best and fastest way to transport .log files by syslog?

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

SignalFlow: What? Why? How?