using TCP or UDP [closed]
Closed 11 years ago.
I can upload a file and analyse.
splunk > Search > Add more data > from files and directories
But how do I use TCP and / or UDP?
Assuming I have hosted splunk on 10.10.10.100, I want to access the logs on 10.10.10.99 and the location is "/var/log/somefile.log". Currently I am copying the file from 99 to 100 and then analysing. Is there a better way to dynamically link to the source?
You have a few options to accomplish this:

1. Install a Splunk forwarder on 10.10.10.99 and configure it to forward to 10.10.10.100. This is the most reliable and flexible approach. See http://www.splunk.com/base/Documentation/latest/Deploy/Aboutforwardingandreceivingdata
2. Use syslog or syslog-ng to do forwarding from .99 to .100. You can then set up Splunk to either monitor the syslog log file or listen directly on the syslog network port, depending on how you set up syslog. This is most efficient if you already have syslog running in your datacenter.
3. Set up a raw TCP (or UDP) forwarder on .99, i.e., netcat, and have it stream data over to .100.

In general, you will get a faster response to Splunk questions over at http://splunk-base.splunk.com/answers/.
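
The forwarder option and the raw TCP/UDP option from the answer above, written out as Splunk configuration. This is an added example, not part of the original answer; ports 9997 and 5514, the sourcetype `somefile_log` and the output group name `indexer_100` are assumptions chosen for illustration.

```ini
# ---------------------------------------------------------------
# Option 1: Splunk forwarder on 10.10.10.99
# ---------------------------------------------------------------

# 10.10.10.99: $SPLUNK_HOME/etc/system/local/inputs.conf
# Tail the file in place instead of copying it to the indexer.
[monitor:///var/log/somefile.log]
sourcetype = somefile_log      # assumed name, pick one that fits the data
disabled = false

# 10.10.10.99: $SPLUNK_HOME/etc/system/local/outputs.conf
[tcpout]
defaultGroup = indexer_100     # assumed group name

[tcpout:indexer_100]
server = 10.10.10.100:9997     # 9997 is an assumed receiving port

# 10.10.10.100: $SPLUNK_HOME/etc/system/local/inputs.conf
# Listen for forwarder traffic and accept it only from the one sender.
[splunktcp://9997]
acceptFrom = 10.10.10.99

# ---------------------------------------------------------------
# Options 2 and 3: raw network inputs on 10.10.10.100
# (fed by syslog/syslog-ng or a netcat stream from 10.10.10.99)
# ---------------------------------------------------------------

# 10.10.10.100: $SPLUNK_HOME/etc/system/local/inputs.conf
# Raw TCP and UDP inputs carry no authentication or encryption of
# their own, so restrict the source address and keep the port
# reachable only on the internal network.
[tcp://5514]
sourcetype = somefile_log
connection_host = ip           # record the sender's IP as the host field
acceptFrom = 10.10.10.99

[udp://5514]
sourcetype = syslog
connection_host = ip
acceptFrom = 10.10.10.99
```

Use either the forwarder pair or one of the raw inputs, not all of them at once, and restart Splunk on each host after editing its files.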