Monitoring Splunk

What Data Collection Methods Splunk support ?

yantian
New Member

before I start to use Splunk to my Data Analytics, I need to assess what systems/devices can be analyzed on what granularity based on what Data Collection Methods (HTTP API, syslog, proactively polling or passively receiving etc) Splunk support, this basically implies what Splunk is capable of..

It was a shame that such important information was not mentioned anywhere based on my search..

anyone has comprehensive answer for this question ?

Tags (1)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi yantian,
you should read https://docs.splunk.com/Documentation/Splunk/8.0.0/Data/WhatSplunkcanmonitor

Splunk Enterprise can index any kind of data. In particular, any and all IT streaming, machine, and historical data, such as Windows event logs, web server logs, live application logs, network feeds, metrics, change monitoring, message queues, archive files, and so on.

Anyway:

  • files and directories using Universal Forwarder (Splunk agent),
  • scripts using Universal Forwarder (Splunk agent),
  • syslogs by network (UDP or TCP),
  • http/https calls,
  • Windows Event logs,
  • WMI,
  • SNMP events,
  • APIs.

Ciao.
Giuseppe

View solution in original post

0 Karma

yantian
New Member

Thank you all for the reply. the URL is quite informative and helpful. cheers.

0 Karma

adonio
Ultra Champion

kindly read here all the way through:
https://docs.splunk.com/Documentation/Splunk/8.0.0/Data/WhatSplunkcanmonitor

in general, Splunk can index any human readable data from any device leveraging different input techniques
to list some:
direct via port (TCP / UDP)
monitor files and directories
rest api calls
http event collection
scripted inputs (stdout of script)
data base collections
many more options

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi yantian,
you should read https://docs.splunk.com/Documentation/Splunk/8.0.0/Data/WhatSplunkcanmonitor

Splunk Enterprise can index any kind of data. In particular, any and all IT streaming, machine, and historical data, such as Windows event logs, web server logs, live application logs, network feeds, metrics, change monitoring, message queues, archive files, and so on.

Anyway:

  • files and directories using Universal Forwarder (Splunk agent),
  • scripts using Universal Forwarder (Splunk agent),
  • syslogs by network (UDP or TCP),
  • http/https calls,
  • Windows Event logs,
  • WMI,
  • SNMP events,
  • APIs.

Ciao.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...