I want to use the Splunk forwarder to send Apache logs to syslog.
I made this config:
/opt/splunkforwarder/etc/system/local
inputs.conf
[default]
host = my_hostname
outputs.conf
[syslog]
defaultGroup=syslogGroup
[syslog:my_syslog_group]
server = IP:514
props.conf
[host::cpanel*]
TRANSFORMS-cpanel = send_to_syslog
[source::/usr/local/apache/domlogs/logfile]
transforms.conf
[send_to_syslog]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = my_syslog_group
I restart Splunk:
/opt/splunkforwarder/bin/splunk restart
and nothing happened (it doesn't send any information),
and in the logs I can't see the source files.
Using universal forwarders, you can't send data to a syslog server (reference doc); you require a Splunk Enterprise instance.
You can configure a heavy forwarder to send data in standard syslog format. The forwarder sends the data through a separate output processor. The syslog output processor is not available for universal or light forwarders.
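An added example, not part of the original thread or of Splunk's documentation: the question's configuration laid out for a heavy forwarder (a full Splunk Enterprise instance), where the syslog output processor is available. It assumes only the Apache log should be routed, so `defaultGroup` is left out and the transform is attached to the source stanza; the `monitor` input and the class name `apache_syslog` are assumptions, and `IP` is the question's own placeholder.

```ini
# ---- inputs.conf ----
[default]
host = my_hostname

# Assumption: the file must be monitored explicitly. The question's
# inputs.conf has no input stanza, so no source file is ever read.
[monitor:///usr/local/apache/domlogs/logfile]
disabled = false

# ---- outputs.conf ----
# The group name after "syslog:" is what FORMAT in transforms.conf refers to.
# In the question, defaultGroup names "syslogGroup", which is never defined;
# a defaultGroup, if used, has to match a [syslog:<name>] stanza.
# It is omitted here so that only events routed by the transform are sent.
[syslog:my_syslog_group]
# "IP" is the placeholder from the question; replace with the syslog server.
server = IP:514
# udp is the default transport; tcp is the alternative.
type = udp

# ---- props.conf ----
# The transform is attached to the stanza that matches the Apache log.
# In the question this stanza was left empty.
[source::/usr/local/apache/domlogs/logfile]
TRANSFORMS-apache_syslog = send_to_syslog

# ---- transforms.conf ----
[send_to_syslog]
# Match every event from the source above.
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
# Must equal the group name in [syslog:my_syslog_group].
FORMAT = my_syslog_group
```

These files go under `etc/system/local` (or an app's `local` directory) of the heavy forwarder, not of the universal forwarder, followed by a restart.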