forwarding logs to third party system

kannu
Communicator

Hello All ,

I want to check whether the Splunk forwarder agent (UF) can be used to forward collected raw data to another analytics tool other than Splunk, I mean third-party analytics tools.

I have read some documents saying that we can achieve this from a UF/HF. But guys, can you help me by letting me know which other third-party tools I can use to test it?

Warm Regards
Manish

0 Karma
1 Solution

vishaltaneja070
Motivator

@kannu

You can send logs to any tool like syslog, LogRhythm or any other system.

This can be achieved with the help of a Heavy Forwarder or Intermediate Forwarder. The link below will help you further:
https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Forwarddatatothird-partysystemsd

0 Karma

coccyx
Path Finder

As the other posters have mentioned, you can forward out syslog messages to third party systems. However, you will lose the structure of the events. All events just get merged into one bytestream and so the destination system must be responsible for parsing again, and since you have multiple message types in one stream this can be very difficult.

Cribl (https://cribl.io/) allows you to route events to multiple systems but maintain full metadata. In addition, you can be very selective about what goes where and you can reshape and enrich events as they're moving.

jianw223
Loves-to-Learn

This is an endorsement by a Cribl employee. As a previous user of Cribl, I would not recommend it.

0 Karma

chrisyounger
SplunkTrust

Hi @kannu

You can forward as raw TCP or as syslog messages. Here is the documentation: https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Forwarddatatothird-partysystemsd Hope it answers your questions.

Regards, Chris.
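A worked configuration, added here as an example (it is not taken from any of the posts above or from the Splunk documentation), that puts together what vishaltaneja070 and chrisyounger describe: outputs.conf stanzas for a raw TCP destination and a syslog destination, plus the props.conf/transforms.conf routing that decides which events go where. The hostnames, ports, sourcetype name and regex are placeholders. This belongs on a heavy forwarder: syslog output and TRANSFORMS-based routing are applied in the parsing pipeline, which a universal forwarder does not run (a UF can still send raw TCP with sendCookedData = false, but cannot produce syslog output).

```ini
# --- outputs.conf (on the heavy forwarder) ---

[tcpout]
defaultGroup = splunk_indexers

# Normal cooked Splunk-to-Splunk forwarding to your own indexers.
[tcpout:splunk_indexers]
server = idx1.example.com:9997

# Raw TCP to a third-party system. sendCookedData = false turns off the
# Splunk-to-Splunk (cooked) framing, so the receiver gets plain event text.
# Splunk metadata (host, source, sourcetype, index) is NOT sent along.
[tcpout:third_party_raw]
server = collector.example.com:10514
sendCookedData = false

# Syslog output. Each event is wrapped in a syslog header with this
# priority. It is sent in the clear and unauthenticated, so keep it on a
# trusted network or tunnel it.
[syslog:third_party_syslog]
server = siem.example.com:514
type = tcp
priority = <13>
timestampformat = %b %e %H:%M:%S

# --- props.conf ---

# Attach the routing transforms to one sourcetype (placeholder name).
# Use [source::...] or [host::...] stanzas to select by path or host instead.
[linux_secure]
TRANSFORMS-routing = route_to_syslog, route_to_raw_and_splunk

# --- transforms.conf ---

# Send every event of that sourcetype to the syslog output group.
[route_to_syslog]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = third_party_syslog

# Send only failed SSH logins to the raw TCP group AND to the indexers.
# Listing only third_party_raw in FORMAT would divert those events away
# from Splunk entirely; events that do not match keep defaultGroup.
[route_to_raw_and_splunk]
REGEX = sshd\[\d+\]: Failed password
DEST_KEY = _TCP_ROUTING
FORMAT = splunk_indexers,third_party_raw
```

After editing, restart the heavy forwarder and check the merged result with `splunk btool outputs list --debug` (and the same for props and transforms) before trusting it. As coccyx points out, the third-party side only receives the event text: with the raw TCP group the receiver sees one byte stream of mixed event types, and with the syslog group each line carries a syslog header but still no sourcetype, so the receiver has to re-identify the message type from content.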
