How do I enable FTP? (I know how to capture the logs after they are FTP'd to us)
We have devices that cannot have a universal forwarder installed on them. They only have FTP files. We need a way to FTP the files from these devices into our splunk server for processing.
Splunk itself does not include an FTP server. You need a third-party product to provide this functionality for you.
The FTP Receiver app is lacking documentation on how to get this app running. Does anyone have any suggestions? I ran this
(index=_internal sourcetype=ftp_modular_input) OR (sourcetype=ftp) per the troubleshooting details and received nothing.
There is a README.txt file in the app that contains instructions.
Now that you have the app installed, you will need to create an input to start the FTP server:
Make sure that the path that you are serving the files from exists.
See https://raw.githubusercontent.com/LukeMurphey/splunk-ftp-receiver/master/src/README.txt for the full details.
There now is an app that runs an FTP server so that you can accept files via FTP into Splunk directly. See the "FTP Receiver" app.
There is a new splunkbase app called "importutil". It lets you import csv files (or any input) from an http url via the splunk search command line. Also works for ftp. sftp is experimental.
http://splunk-base.splunk.com/apps/69078/importutil
Here is an ftp example. Pulling from the bureau of labor stats:
|importutil ftp ftp://ftp.bls.gov/pub/time.series/ce/ce.data.102.WeeklyEarningsHist
| multikv
| table series_id, year, period, value, footnote_codes
Here is an example that imports data from the federal reserve economic data website:
|importutil http http://research.stlouisfed.org/fred2/data/PAYEMS.csv
| multikv
| table DATE, VALUE
Splunk itself does not include an FTP server. You need a third-party product to provide this functionality for you.
Thank you so much! This is just what I was looking for.
The most common ftpd in Linux is simply the ftpd you get if you run 'apt-get install ftpd' on a debian/ubuntu box. There's nothing wrong with that one. There's also ProFTPD, PureFTPD, vsftpd, etc. What you might want is an FTPD that has its own user management so you don't have to mix users in the FTP server software with those in the underlying operating system. The default ftpd doesn't do this if I recall correctly, but the other ones I listed do.
Server Platform: Linux
Server platform Version: RHEL5
Client OS: Windows xp or 7
Splunk Version: 4.3.3
Which OS / version?
What product would you suggest?