I am doing something similar at my company. There isn't a whole lot of setup necessary, really. Here's a bit of my inputs.conf
[tcp://33333]
disabled = false
connection_host = dns
index = foo
sourcetype = bar
You can find more config in the docs for inputs.conf
Other than that, it pretty much works. Hope this helps.
I am doing something similar at my company. There isn't a whole lot of setup necessary, really. Here's a bit of my inputs.conf
[tcp://33333]
disabled = false
connection_host = dns
index = foo
sourcetype = bar
You can find more config in the docs for inputs.conf
Other than that, it pretty much works. Hope this helps.
I see. thank you.
So we have written an in house app that takes care of getting the log data out over TCP. You might be able to get creative with netcat or similar tools.
Thanks for the answer. I can add these configuration in the splunk server but I am still puzzled on how to "push" web access log from remote server to splunk over tcp?