Hi @borjales,

yes, it's possible. Splunk can work as a syslog server to ingest syslogs. You can find this feature as a basic Splunk Enterprise feature or (better) using the Syslog Connect App (https://splunkbase.splunk.com/app/4740/).

You can enable the feature on Indexers or on a dedicated Splunk server called a Heavy Forwarder, which is a full Splunk installation that forwards all data to the indexers. The choice to have a dedicated server for this role obviously depends on the volume of syslogs.

To complete the architecture, for HA reasons, it's better to enable syslog ingestion on two Splunk servers (Indexers or HFs), putting a Load Balancer in front of them to manage load balancing and failover (as you know, you can take syslogs only when they are sent, but you lose them if you have a problem on the receiver).

If this answer solves your problem, please accept it for the other people of the Community.

Ciao.
Giuseppe

P.S.: Karma Points are appreciated 😉