Question

How to configure Splunk with log files residing on remote Unix servers.

Normally I log into a Linux server with PuTTY; from there I ssh into another company server, where I navigate through directories and perform my operations, mainly cat, zcat etc., with grep filters. Ex:

  1) login to example_server from PuTTY
  2) ssh to ssh_server
  3) cd to the required dir
  4) perform cat etc.

BTW, ssh_server does not allow direct login from PuTTY; I have to first log in to example_server and from there to ssh_server.

Now, how can I configure these log files to be used by Splunk to search for a string, as I do with grep? I've installed Splunk on my laptop, and when I click Add Data > Files and Dir > Add New it shows a "full path to your data" field. What path should I fill it with?


Solution

The Splunk instance on your laptop can only index files and directories that it can "see." The data could be on a network share or a local volume; that's fine. But if you can't access the file or directory from your laptop, Splunk can't index it from your laptop.

However, if you configure your laptop Splunk as a receiver, you can install the Splunk Universal Forwarder on the Linux system(s) and have the data forwarded to your laptop.

But, if your laptop is not always on the network to receive the forwarded data, this may not be the best solution. You might instead simply ftp the files to your laptop in some local directory, then use the Upload option to add the files into Splunk on an ad-hoc basis. (After you upload the file into Splunk, you can delete the local copy.)
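As an added illustration of the forwarder approach described in this answer (not part of the original post, and not Splunk's own documentation), these are the three configuration fragments involved: the receiving stanza on the laptop, and the monitor and output stanzas on the Universal Forwarder installed on the Linux box. The log directory `/var/log/myapp`, the index name `myapp`, the sourcetype, the hostname `laptop.example.com` and the port 9997 are all assumed placeholder values; replace them with your own.

```ini
# --- On the laptop (the receiver): $SPLUNK_HOME/etc/system/local/inputs.conf
# Opens TCP port 9997 for incoming forwarder traffic. 9997 is the conventional
# Splunk receiving port; any free port works as long as outputs.conf matches.
[splunktcp://9997]
disabled = 0

# --- On the Linux server (the Universal Forwarder):
# $SPLUNK_HOME/etc/system/local/inputs.conf
# Watches every file under the assumed directory /var/log/myapp, including
# rotated .gz files, which the forwarder reads like your zcat | grep workflow.
[monitor:///var/log/myapp]
disabled = 0
index = myapp
sourcetype = myapp_log
# Skip files that rotated away a long time ago (assumed value: 7 days).
ignoreOlderThan = 7d

# --- On the Linux server (the Universal Forwarder):
# $SPLUNK_HOME/etc/system/local/outputs.conf
# Sends everything the monitor stanza collects to the laptop's receiving port.
[tcpout]
defaultGroup = laptop

[tcpout:laptop]
server = laptop.example.com:9997
```

Two things to check before relying on this. First, the connection is opened outbound by the forwarder (ssh_server in the question) towards the laptop's receiving port, so the network path from ssh_server to the laptop must allow it; the jump-host restriction that blocks direct PuTTY logins says nothing about whether that outbound connection is permitted, and a firewall rule may still be needed. Second, forwarder-to-receiver traffic is plain TCP unless you configure SSL in outputs.conf and inputs.conf, so log content and hostnames travel unencrypted by default; if the logs contain anything sensitive, enable the SSL settings on both sides rather than accepting the defaults. After editing, restart the forwarder and confirm the `myapp` index receives events before deleting any local copies of the logs.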

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow