I can upload a file and analyse.
splunk > Search > Add more data > from files and directories
But how do I use TCP and / or UDP?
Assuming I have hosted splunk on 10.10.10.100, I want to access the logs on 10.10.10.99 and the location is “/var/log/somefile.log”
Currently I am copying the file from 99 to 100 and then analysing. Is there a better way to dynamically link to the source?
You have a few options to accomplish this:
1. Install a Splunk forwarder on 10.10.10.99 and configure it to forward to 10.10.10.100. This is the most reliable and flexible approach. See http://www.splunk.com/base/Documentation/latest/Deploy/Aboutforwardingandreceivingdata
2. Use syslog or syslog-ng to do forwarding from .99 to .100. You can then set up Splunk to either monitor the syslog log file or listen directly on the syslog network port, depending on how you set up syslog. This is most efficient if you already have syslog running in your datacenter.
3. Set up a raw TCP (or UDP) forwarder on .99, i.e., netcat, and have it stream data over to .100.

In general, you will get a faster response to Splunk questions over at http://splunk-base.splunk.com/answers/.