Re: Field extraction - limited interesting and sel...

ezparra05 · ‎12-21-2020

Hi,

Are there apps to help with the extraction of sourcetype = linux_syslog. I have hosts(solaris,rhel,etc) sending logs over udp on discrete ports and the limited fields and selected fields are really limited. Yes, I know it is not recommended to send syslog directly to splunk but this is will have to do until we can purchase hardware and setup a syslog server. Also, I am not able to install UF on these hosts either.

Any help is much appreciated!

ezparra05 · ‎12-22-2020

The "Splunk Add-on for Unix and Linux" does not solve my issue and I can not install the UF on these hosts.

gcusello · ‎12-21-2020

Hi @ezparra05,

did you tried with the "Splunk Add-On for Unix and Linux (https://splunkbase.splunk.com/app/833/)?

Anyway, see if you can use a Universal Forwarder is definitely very better than syslogs!

Ciao.

Giuseppe

ezparra05 · ‎12-22-2020

Hi @gcusello ,

Yes, I already do have the "Splunk Add-on for Unix and Linux" installed. Thank you!

gcusello · ‎12-22-2020

Hi @ezparra05,

good for you,

if this answer solves your need, please, accept it for the other people of Community, otherwise, please tell me how can I help you.

Ciao.

Giuseppe

P.S.: Karma Points are appreciated 😉

Field extraction - limited interesting and selected fields

field extraction

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!