How to get data/logs from a Web or application ser...

sathishsathiyam · ‎08-28-2016

I wanted to index logs from Web/application server and do all the search, report, alert from my machine. How this can be done? Either i need to install a Splunk instance where the server is placed or how to get connected.

renjith_nair · ‎08-29-2016

You need a forwarder to forward the data from applicaion server, an indexer to store the data and a search head to search it. All can be in a single machine or in three different machines or in a cluster.

It's difficult to provide a short answer. You have to decide and design your splunk deployment based on what you want to ingest , how and how much

Start from here.
http://docs.splunk.com/Documentation/Splunk/6.4.3/Capacity/ComponentsofaSplunkEnterprisedeployment
http://docs.splunk.com/Documentation/Splunk/6.4.3/Capacity/DimensionsofaSplunkEnterprisedeployment
http://docs.splunk.com/Documentation/Splunk/6.1.3/Installation/CapacityplanningforalargerSplunkdeplo...

---
What goes around comes around. If it helps, hit it with Karma 🙂

How to get data/logs from a Web or application server and do search and reporting from my machine?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation