Solved: Re: Do we need to upload missing estreamer logs to...

utk123 · ‎10-31-2018

My estreamer to device connection was down for sometime, so now I want to upload missing device logs to splunk.
I thought once the connection is established estreamer running on splunk will automatically pull missing logs from Device, but that's not happening.
I can follow steps listed on below link to upload missing logs to splunk, but not sure if the format would be same as the one pulled by estreamer?

http://docs.splunk.com/Documentation/SplunkLight/6.3.0/Gettingstarted/Uploadafile

lakshman239 · ‎01-09-2019

if you are using eStreamer add-on, you can place the file in the $SPLUNK_HOME/etc/apps/TA-eStreamer/data, the add-on will read/parse and send it to required indexers correctly. [ assuming the format is same as the original ones]

View solution in original post

lakshman239 · ‎01-09-2019

if you are using eStreamer add-on, you can place the file in the $SPLUNK_HOME/etc/apps/TA-eStreamer/data, the add-on will read/parse and send it to required indexers correctly. [ assuming the format is same as the original ones]

Do we need to upload missing estreamer logs to splunk or its automatic ?

Modern way of developing distributed application using OTel

Enterprise Security Content Update (ESCU) | New Releases

Archived Metrics Now Available for APAC and EMEA realms