Splunk Search

Field extraction - limited interesting and selected fields

ezparra05
Engager

Hi,

Are there apps to help with the extraction of sourcetype = linux_syslog. I have hosts(solaris,rhel,etc) sending logs over udp on discrete ports and the limited fields and selected fields are really limited. Yes, I know it is not recommended to send syslog directly to splunk but this is will have to do until we can purchase hardware and setup a syslog server. Also, I am not able to install UF on these hosts either.

Any help is much appreciated!

Labels (1)
0 Karma

ezparra05
Engager

The  "Splunk Add-on for Unix and Linux" does not solve my issue and I can not install the UF on these hosts.

0 Karma

gcusello
Legend

Hi @ezparra05,

did you tried with the "Splunk Add-On for Unix and Linux (https://splunkbase.splunk.com/app/833/)?

Anyway, see if you can use a Universal Forwarder is definitely very better than syslogs!

Ciao.

Giuseppe

0 Karma

ezparra05
Engager

Hi @gcusello ,

Yes, I already do have the "Splunk Add-on for Unix and Linux" installed.  Thank you!

0 Karma

gcusello
Legend

Hi @ezparra05,

good for you,

if this answer solves your need, please, accept it for the other people of Community, otherwise, please tell me how can I help you.

Ciao.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...