×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Rescudero
Engager
Member since: ‎10-15-2025
‎10-15-2025
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎10-15-2025
View All

Re: Parsing linux events from syslog to SC4S and S...

by in Getting Data In
‎10-15-2025 08:24 AM
‎10-15-2025 08:24 AM
Hello and thank you, So why does the SC4S documentation mention that Add-on here? https://splunk.github.io/splunk-connect-for-syslog/main/sources/base/nix/ Unfortunately, having another syslog-ng server that aggregates everything and sends to SC4S is a project requirement. Just as installing a forwarder on that server isn't feasible. Regards ... View more

Parsing linux events from syslog to SC4S and Splun...

by in Getting Data In
‎10-15-2025 07:50 AM
‎10-15-2025 07:50 AM
Hello, Due to the requirements of the project I am working on, all events will arrive at Splunk Cloud from SC4S. They will arrive at SC4S from a single syslog server that groups several sources and sends them via RFC5424. In SC4S, we filter and apply a parser to assign an index and sourcetype to the events before sending them to Splunk Cloud. We normally filter by APPNAME, which allowed us to separate some sources, but now we are receiving events from Linux servers with a multitude of APPNAMEs. We have managed to group the Linux events that arrive from su, sshd-session, sshd, proftpd, sudo, SSH, usermod, radiusd, and root and send them to Splunk Cloud. We have installed this AddOn in Splunk Cloud: https://splunkbase.splunk.com/app/833 How can we get the events to be parsed with the information from the AddOn? Can anything be done from SC4S? Important: we only have the Splunk Cloud instance and SC4S installed on an AWS S3, no other elements. Best regards. Translated with DeepL.com (free version) ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎10-15-2025 07:29 AM
Karma given to
View All