I have a tftp64 syslog service running on a Windows box. Right now I have a few network appliances sending their syslogs to it.
My question is: if I install the universal forwarder on the host and it connects via 999X to Splunk, is it possible to make Splunk send the logs into specific indexes based on the appliance?
Do not syslog directly to Splunk. Set up syslog-ng to write to files, then use the Splunk UF with monitor stanzas, each of which can go to a different index:
http://www.georgestarcher.com/splunk-success-with-syslog/
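As an added example (not from the answer above or the linked article), here is a syslog-ng destination that writes one directory per sending host, followed by a UF inputs.conf with a monitor stanza per appliance, each pointing at its own index. Config paths, the appliance hostnames and the index names are assumptions; the indexes must already exist on the indexer.

```conf
# --- syslog-ng: /etc/syslog-ng/conf.d/appliances.conf (path assumed) ---
# Listen for syslog from the appliances on UDP/514.
source s_appliances {
    network(ip("0.0.0.0") port(514) transport("udp"));
};

# $HOST is the sending appliance, so every device lands in its own
# directory; files are owned by the account the UF runs as and are not
# world-readable, so only the forwarder can read the raw logs.
destination d_appliances {
    file("/var/log/appliances/$HOST/$YEAR-$MONTH-$DAY.log"
         create-dirs(yes)
         owner("splunk") group("splunk") perm(0640) dir-perm(0750));
};

log { source(s_appliances); destination(d_appliances); };

# --- Universal Forwarder: $SPLUNK_HOME/etc/apps/syslog_inputs/local/inputs.conf ---
# One monitor stanza per appliance directory; the index is set per stanza,
# which is what routes each device to its own index. Hostnames and index
# names below are constructed for the example.
[monitor:///var/log/appliances/fw-edge-1/]
disabled = false
index = firewall
sourcetype = syslog
host = fw-edge-1

[monitor:///var/log/appliances/sw-core-1/]
disabled = false
index = network
sourcetype = syslog
host = sw-core-1
```

Each new appliance needs its own stanza (and a directory syslog-ng will create on first message); restart the UF after editing inputs.conf and confirm the files are being read with `splunk list inputstatus`.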