Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About pete00
pete00
Loves-to-Learn Everything
Member since:
10-02-2024
01-14-2025
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 10-02-2024 |
Activity Feed
- Posted Re: How to configure universal forwarder to send logs to Logstash for DB Connect? on Deployment Architecture. 10-21-2024 07:58 AM
- Posted Re: How to configure universal forwarder to send logs to Logstash for DB Connect? on Deployment Architecture. 10-21-2024 06:15 AM
- Posted Re: How to configure universal forwarder to send logs to Logstash for DB Connect? on Deployment Architecture. 10-18-2024 07:30 AM
- Posted Re: How to configure universal forwarder to send logs to Logstash for DB Connect? on Deployment Architecture. 10-17-2024 12:48 PM
- Posted Re: How to configure universal forwarder to send logs to Logstash for DB Connect? on Deployment Architecture. 10-15-2024 09:58 AM
- Posted Re: How to configure universal forwarder to send logs to Logstash for DB Connect? on Deployment Architecture. 10-15-2024 06:10 AM
- Posted How to configure universal forwarder to send logs to Logstash for DB Connect? on Deployment Architecture. 10-11-2024 09:06 AM
- Tagged How to configure universal forwarder to send logs to Logstash for DB Connect? on Deployment Architecture. 10-11-2024 09:06 AM
- Tagged How to configure universal forwarder to send logs to Logstash for DB Connect? on Deployment Architecture. 10-11-2024 09:06 AM
- Tagged How to configure universal forwarder to send logs to Logstash for DB Connect? on Deployment Architecture. 10-11-2024 09:06 AM
- Tagged How to configure universal forwarder to send logs to Logstash for DB Connect? on Deployment Architecture. 10-11-2024 09:06 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
10-21-2024
07:58 AM
So, I just figured out that customer do not connect any DB to Splunk using DBConnect. They just use Database native log -> Universal forwarder -> Splunk. Your doubt is valid why not use directly from native but now that I see they do not connect their DB to Splunk and just forward the logs, they can configure UF in such a way it can send us logs along with Splunk.
... View more
10-21-2024
06:15 AM
I did connect MySQL to Splunk using DBConnect but not on the Universal Forwarder, i do not know how I can connect a DB on UF. Also, I am still figuring out how I can send the audit logs for connected DB using Universal Forwarder
... View more
10-18-2024
07:30 AM
I apologize for the confusion. I am trying to send the data to a third-party application (not a Splunk database). Currently, I am working to connect various databases to Splunk, as the customer already has databases connected. My goal is to forward the audit logs from each database which is connected to Splunk to our system. We are using Logstash to receive the data, but since Logstash does not have a Splunk input plugin, I am attempting to use TCP to receive data and send it from the Universal Forwarder to a TCP port, which can be set to 514. The architecture looks like this: Splunk (with databases) -> Universal Forwarder -> Logstash -> Analysis.
... View more
10-17-2024
12:48 PM
Hi John, We are not using Splunk directly, but we are developing a tool for a customer who does. The customer has data sources connected to Splunk, and they want to forward the audit logs from these data sources using the Universal Forwarder. We're trying to figure out how to forward these audit logs to Logstash, either via TCP or Filebeat. Do you have any suggestions on how to achieve this? I’ve managed to receive syslog data on my local laptop using the Universal Forwarder with the following outputs.conf: [tcpout]
[tcpout:fastlane]
server = 127.0.0.1:514
sendCookedData = false I’ve also connected MySQL to Splunk using DB Connect to test it out, but I’m not receiving any MySQL logs.
... View more
10-15-2024
09:58 AM
Thank you for your response. I’m limited to using the Universal Forwarder (UF) only. From various resources, I’ve learned that UF can send raw data, which works for me. I’ve successfully set up Logstash to receive syslog data from my Mac using the TCP input plugin. I’m now wondering how I can configure it to receive data based on the Source or SourceType. Alternatively, is there a way to send all data to Logstash in real-time?
... View more
10-15-2024
06:10 AM
Sorry, i am new to Splunk. Yes, I have only being able to connect mySql to DBConnect but i am not able to configure it to logstash. Any idea how can i get the audit logs on logstash though TCP? UF can forward the log to TCP and logstash has a input plugin for TCP.
... View more
10-11-2024
09:06 AM
I'm trying to configuring Splunk Universal Forwarder to send logs to Logstash. I only have access to the Universal Forwarder (not the Heavy Forwarder), and I need to forward audit logs from several databases, including MySQL, PostgreSQL, MongoDB, and Oracle. So far, I’ve been able to send TCP syslogs to Logstash using the Universal Forwarder. Additionally, I’ve successfully connected to MySQL using Splunk DB Connect but I’m not receiving any logs from it to Logstash. I would appreciate any advice on forward database audit logs through the Universal Forwarder to Logstash in real time or is there any provision of creating a sink or something? Any help or examples would be great! Thanks in advance.
... View more
Labels
- Labels:
-
configuration
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-14-2025
11:11 AM
|
