
using TCP or UDP [closed]

Closed. This question is off-topic. It is not currently accepting answers.


Closed 11 years ago.


I can upload a file and analyse.

splunk > Search > Add more data > from files and directories

But how do I use TCP and / or UDP?

Assuming I have hosted Splunk on 10.10.10.100, I want to access the logs on 10.10.10.99, and the location is "/var/log/somefile.log". Currently I am copying the file from 99 to 100 and then analysing. Is there a better way to dynamically link to the source?


You have a few options to accomplish this:

  1. Install a Splunk forwarder on 10.10.10.99 and configure it to forward to 10.10.10.100. This is the most reliable and flexible approach. See http://www.splunk.com/base/Documentation/latest/Deploy/Aboutforwardingandreceivingdata

  2. Use syslog or syslog-ng to do forwarding from .99 to .100. You can then set up Splunk to either monitor the syslog log file or listen directly on the syslog network port, depending on how you set up syslog. This is most efficient if you already have syslog running in your datacenter.

  3. Set up a raw TCP (or UDP) forwarder on .99, i.e., netcat, and have it stream data over to .100.

In general, you will get a faster response to Splunk questions over at http://splunk-base.splunk.com/answers/.
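
The configuration for options 1 and 3 in the answer above, as an added example that is not part of the original post or of Splunk's own documentation. Ports 9997 and 5514, the sourcetype name `somefile_log` and the `main` index are assumptions; the raw TCP input is limited to the sending host because such inputs carry no authentication or encryption.

```ini
# ---- On 10.10.10.99 (forwarder): $SPLUNK_HOME/etc/system/local/inputs.conf
# Tail the log file in place instead of copying it to the indexer.
[monitor:///var/log/somefile.log]
# sourcetype and index are placeholder values chosen for this example
sourcetype = somefile_log
index = main
disabled = false

# ---- On 10.10.10.99 (forwarder): $SPLUNK_HOME/etc/system/local/outputs.conf
[tcpout]
defaultGroup = primary_indexer

[tcpout:primary_indexer]
# 9997 is an assumed receiving port; it must match the splunktcp stanza below
server = 10.10.10.100:9997

# ---- On 10.10.10.100 (indexer): $SPLUNK_HOME/etc/system/local/inputs.conf
# Option 1: receive data sent by Splunk forwarders.
[splunktcp://9997]
disabled = false
# Only accept forwarder connections from the known sender
acceptFrom = 10.10.10.99

# Option 3: raw TCP listener for a netcat-style sender on .99.
# Raw TCP/UDP inputs are unauthenticated and unencrypted, so restrict
# the source address and record the sender's IP as the host field.
[tcp://5514]
sourcetype = somefile_log
connection_host = ip
acceptFrom = 10.10.10.99
```

Splunk must be restarted on each host after editing these files for the stanzas to take effect.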
