Activity Feed
- Karma Is it possible to set "Forwarder Management" as the default app on a Deployment Server? for chris_barrett. 10-12-2020 12:49 AM
- Got Karma for Re: Best practices - Syslog-ng to splunk. 06-05-2020 12:51 AM
- Karma is Fundamentals part 2 ( Power User) free for Partner for singhashwani. 06-05-2020 12:50 AM
- Karma Log DNS Responses from BIND 9.10 for use with Enterprise Security for panovattack. 06-05-2020 12:48 AM
- Karma Splunk Universal Forwarder using 2GB of RAM? for kendrickt. 06-05-2020 12:47 AM
- Karma Limit Memory used by forwarder on Domain Controller for wbfoxii. 06-05-2020 12:46 AM
- Karma Re: Limit the memory used by Universal Forwarder for gkanapathy. 06-05-2020 12:46 AM
- Karma Re: "First-time-run has not finished." After migrating to new host for marksnelling. 06-05-2020 12:45 AM
- Posted Re: Best practices - Syslog-ng to splunk on Getting Data In. 04-10-2020 01:33 AM
- Posted Re: Best practices - Syslog-ng to splunk on Getting Data In. 04-09-2020 05:29 AM
Topics I've Started
No posts to display.
04-10-2020
01:33 AM
04-09-2020
05:29 AM
1 Karma
Hi,
You can install an Universal Forwarder on the Syslog server to forward data to your Splunk instance as a best practice.
Hardware requirements for a Splunk Universal forwarder https://docs.splunk.com/Documentation/Forwarder/8.0.3/Forwarder/Systemrequirements.
As you have also mentioned that you are losing some data while the Splunk server/services are restarted, you can use the UseACK(Indexer Acknowledgement) feature on the Universal Forwarder so that the data sent is acknowledged by the Splunk Instance. Till the ACK is not received, Splunk Universal Forwarder holds the events in queue and will resend again.
Refer this article https://docs.splunk.com/Documentation/Forwarder/8.0.3/Forwarder/Protectagainstthelossofin-flightdata for more information.
Please up vote this answer if it helps you with your query.
... View more
