×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Rah
Loves-to-Learn
Member since: ‎09-27-2022
‎03-26-2025
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎09-27-2022
Activity Feed
View All

Re: How can I keep Syslog from reading and storing...

by in Getting Data In
‎09-27-2022 05:45 PM
‎09-27-2022 05:45 PM
Here is an example of syslog-ng configuration that stores the data on disk for Splunk to read. You will need to manage the data's retention with something like logrotate. https://www.splunk.com/en_us/blog/tips-and-tricks/using-syslog-ng-with-splunk.html Here is an example that uses syslog-ng and HEC, where no data is stored on the syslog server. https://www.splunk.com/en_us/blog/tips-and-tricks/syslog-ng-and-hec-scalable-aggregated-data-collection-in-splunk.html You could also use the Splunk App for Syslog (SC4S) https://splunkbase.splunk.com/app/4740/ https://splunk.github.io/splunk-connect-for-syslog/main/   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-26-2025 04:37 PM