Solved: Re: sending in data over TCP

shangshin · ‎06-21-2012

Hi, I have web log file available on remote linux and would like to send it to splunk server over TCP. I have aded a new TCP port, 33333, on the splunk server but can't find the document to continue. Can someone show me the right direction or document?

miwalker · ‎06-21-2012

I am doing something similar at my company. There isn't a whole lot of setup necessary, really. Here's a bit of my inputs.conf

[tcp://33333]  
disabled = false  
connection_host = dns  
index = foo  
sourcetype = bar

You can find more config in the docs for inputs.conf

Other than that, it pretty much works. Hope this helps.

View solution in original post

miwalker · ‎06-21-2012

I am doing something similar at my company. There isn't a whole lot of setup necessary, really. Here's a bit of my inputs.conf

[tcp://33333]  
disabled = false  
connection_host = dns  
index = foo  
sourcetype = bar

You can find more config in the docs for inputs.conf

Other than that, it pretty much works. Hope this helps.

shangshin · ‎06-21-2012

I see. thank you.

miwalker · ‎06-21-2012

So we have written an in house app that takes care of getting the log data out over TCP. You might be able to get creative with netcat or similar tools.

shangshin · ‎06-21-2012

Thanks for the answer. I can add these configuration in the splunk server but I am still puzzled on how to "push" web access log from remote server to splunk over tcp?

sending in data over TCP

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms