cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
splkadmin
Explorer
Member since: ‎12-27-2020
‎02-03-2021
Community Statistics
Posts 10
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-27-2020
Activity Feed
View All

splunk APM - signalFx

by in Installation
‎02-03-2021 12:23 AM
‎02-03-2021 12:23 AM
Hello , we have an application to be monitor through an APM of Splunk, I heard there is a product  of SignalFx where to download the Splunk APM? And how we can install it and conifugre and for the client system is there any agent to be installed?   ... View more
Labels

Re: forwarder Logs

by SplunkTrust in Getting Data In
‎01-27-2021 05:33 AM
‎01-27-2021 05:33 AM
With your current configuration it sends all logs to the both target (indexer and syslog). If you want to send some logs to both and some to only one then you need remove remote-server from default and add into inputs.conf _SYSLOG_ROUTING = <remote group stanza name in outputs.conf for syslog target> to send only that one. That must do on every monitoring stanza.  https://docs.splunk.com/Documentation/Splunk/7.3.3/Admin/Inputsconf There is also _TCP_ROUTING parameter which is used with indexers.   ... View more

sending index data to another system

by in Splunk Enterprise
‎01-20-2021 01:17 AM
‎01-20-2021 01:17 AM
I have to forward the data from my single instance indexer to another system i.e indexer and third party system. I have tried the below configuration but I am receiving only the local system data i.e /var/log/cron as mentioned in input, how can I get the all hosts file that I configured on my index system. i .e log files of system1 ,system 2 etc. [root@splunkvm]# cd /opt/splunk/etc/system/local [root@splunkvm local]# cat inputs.conf [splunktcp://9997] connection_host = ip [monitor:///var/log/cron] disabled = false #_INDEX_AND_FORWARD_ROUTING=local index = index2 sourcetype = linux_logs _TCP_ROUTING = indexer [root@splunkvm local]# cat props.conf [source::/var/log/cron] TRANSFORMS-routing=indexer [root@splunkvm local]# cat transforms.conf [indexer] REGEX= . DEST_KEY=_TCP_ROUTING FORMAT=thirdindexer [root@splunkvm local]# cat outputs.conf [tcpout] indexAndForward = 1 [tcpout:thirdindexer] server = 192.168.x.x:9997 [root@splunkvm local]# ... View more

Re: Splunk integration with other tool

by SplunkTrust in Getting Data In
‎01-13-2021 09:54 AM
‎01-13-2021 09:54 AM
You can use single-instance Splunk Enterprise to forward data using methods/samples provided in the document. You do not need to have a heavy forwarder. You need to configure outputs.conf and also props.conf, transforms.conf in order to route data. ... View more

Browse apps not resolving unable to get it on spl...

by in Monitoring Splunk
‎12-30-2020 12:58 AM
‎12-30-2020 12:58 AM
Hello I am unable to find apps on Splunk web that I am getting below error, My system configured a internet through a proxy ip.  I am accessing a URL @ HTTP://10.x.x..x:8000/    Error resolving Name or service unknown ... View more
Labels

Re: windows logs monitoring

by SplunkTrust in Monitoring Splunk
‎12-28-2020 11:51 PM
‎12-28-2020 11:51 PM
Hi @splkadmin, good for you. Ciao and happy splunking. Giuseppe P.S.: Karma Points are appreciated 😉 ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-03-2021 08:35 AM