Reporting

Fetch data from FTP Server

som_80in
New Member

what is configuration to be done with TCP in splunk in add data in web or in inputs.conf file to fetch proxy logs logs which are collected in FTP server.
I cannot mount the disk nor i can install forwarder in the FTP server.I want to configure with TCP.

Please help

Tags (1)
0 Karma

nicholasgrabows
Path Finder

There is a new splunkbase app called "importutil". It lets you import csv files (or any input) from an http url via the splunk search command line. Also works for ftp. sftp is experimental.

http://splunk-base.splunk.com/apps/69078/importutil

Here is an ftp example. Pulling from the bureau of labor stats:

|importutil ftp ftp://ftp.bls.gov/pub/time.series/ce/ce.data.102.WeeklyEarningsHist
| multikv
| table series_id, year, period, value, footnote_codes

Here is an example that imports data from the federal reserve economic data website:

|importutil http http://research.stlouisfed.org/fred2/data/PAYEMS.csv
| multikv
| table DATE, VALUE
0 Karma

dwaddle
SplunkTrust
SplunkTrust

You will need to write some form of program/script to pull the logs from the FTP server and store them where Splunk can read them. Splunk has no built-in way of connecting to a server, retrieving files via FTP, and indexing them.

If this is linux, you might possibly be able to use something like CurlFtpFS to make the remote FTP server mountable. However, it is highly unknown how well (or if at all) this will work with Splunk.

kallu
Communicator

Scripting ftp isn't that difficult. Here is some examples to get you started
http://www.stratigery.com/scripting.ftp.html

dwaddle
SplunkTrust
SplunkTrust

I have no such script, sorry ...

0 Karma

som_80in
New Member

Thanks a lot dwaddle.Can you please let me know any sample scripts to run on.I will also try CurlFtpFS and get back to u.

0 Karma
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...