Hi
We have log from an Elasticsearch syslog. And we want to import these logs into Splunk.
How can i do that ?
I would have done like this:
- modify the /opt/splunk/etc/deployment-apps/cg93_all_uf_syslog_inputs/local/file and add
[udp://number_port]
sourcetype = elastic
index = switch_logs
Is that correct?
Thanks
Sham
This might be helpful for anyone visiting; I have started working on an addon for Elasticsearch instances, feel free to use it!
https://splunkbase.splunk.com/app/4175/