×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
dmarquardt_clim
New Member
Member since: ‎01-29-2015
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-29-2015
Activity Feed
View All

Re: splunkcloud and syslog from appliances

by Splunk Employee in All Apps and Add-ons
‎02-02-2016 11:03 PM
1 Karma
‎02-02-2016 11:03 PM
1 Karma
As @sobrien noted, a forwarder on a consolidated syslog server would be the way to go. One suggestion as well would be to have a heavy forwarder in the mix too - either as the syslog server or a 'relay' from a syslog server with a universal forwarder on it, forwarding to/through a heavy forwarder. The idea is a heavy forwarder can then allow you to perform all the advanced functionality such as transforms, masking, etc. so that you can limit the amount of stuff you are sending into your indexers to only the stuff that has value for your enterprise (reducing the amount you index against your license), mask security specific fields that might need to be obfuscated, etc. It also would allow a single (or fewer) holes that you have to poke through your outbound firewall(s). ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM