Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

journalctl dhcpd log import?

splunkjosef
Explorer
‎10-21-2017 11:53 PM

My linux-based DHCP server running ISC DHCPD is running systemd and puts the dhcpd logs into the central logging system without creating a distinct dhcpd.log file. Instead I have to look at the logs with this command:

journalctl -u isc-dhcp-server

So I can no longer simply point my UF to the old dhcpd.log file for import into Splunk. How can I get these logs into Splunk?

0 Karma
Reply

bguilfoyle_splu
Splunk Employee
Splunk Employee
‎10-22-2017 06:40 PM

Perhaps try this as a scripted input.
Create an executable bash script with the command exec journalctl --since=now -f -u isc-dhcp-server
Add the script as an input on the forwarder:
$SPLUNK_HOME/bin/splunk add exec \
-source $SPLUNK_HOME/bin/scripts/myScriptName.sh \
-interval = 0

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Platform | Upgrading your Splunk Deployment to Python 3.9

Splunk initially announced the removal of Python 2 during the release of Splunk Enterprise 8.0.0, aiming to ...

From Product Design to User Insights: Boosting App Developer Identity on Splunkbase

co-authored by Yiyun Zhu & Dan Hosaka Engaging with the Community at .conf24 At .conf24, we revitalized the ...

Detect and Resolve Issues in a Kubernetes Environment

We’ve gone through common problems one can encounter in a Kubernetes environment, their impacts, and the ...