Hi,
I am very new to this tool. I have just installed Splunk 6.0 and till now haven't added any data.
I want to use this tool for my DC network infra monitoring. So, can you please help me out with how to proceed further?
Your quick answer would be really appreciated.
Regards,
Tuhin
Add a syslog data input, probably a UDP data input on port 514 with a default sourcetype of syslog. Turn on syslog at the Switch to send data to the Splunk server on that port.
Forwarders are a different download and are very lightweight: http://www.splunk.com/download/universalforwarder
Yes, install a Splunk Universal Forwarder on the syslog server and forward the events directly into Splunk. You will need to set up Splunk as a receiver on the default port of 9997 if you have not done so already. This is pretty much the standard way that all customers get data from a syslog server into Splunk.
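The two paths described in the answers above (a direct UDP syslog input on the Splunk server, and a Universal Forwarder on the existing syslog server sending to a receiver on port 9997), written out as an added configuration example that is not part of the original thread. The log path `/var/log/network/*.log`, the group name `primary_indexers` and the host `splunk.example.com` are assumptions; substitute your own.

```ini
# ---- Option A: switch sends syslog straight to the Splunk server ----
# On the Splunk server: $SPLUNK_HOME/etc/system/local/inputs.conf
# Binding a port below 1024 on Linux/Unix requires elevated privileges.
[udp://514]
sourcetype = syslog
# Record the sender's IP as the event host
connection_host = ip

# On the Cisco switch, point logging at the Splunk server's address
# (IOS command, shown as a comment; the address is a placeholder):
#   logging host <splunk-server-ip>

# ---- Option B: Universal Forwarder on the existing syslog server ----
# On the Splunk server (receiver): $SPLUNK_HOME/etc/system/local/inputs.conf
[splunktcp://9997]
disabled = 0

# On the syslog server (forwarder): $SPLUNK_HOME/etc/system/local/inputs.conf
# Assumed path: wherever the syslog daemon writes the switch logs.
[monitor:///var/log/network/*.log]
sourcetype = syslog

# On the syslog server (forwarder): $SPLUNK_HOME/etc/system/local/outputs.conf
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# Assumed hostname of the Splunk receiver
server = splunk.example.com:9997
```

Restart Splunk (and the forwarder) after editing these files, and restrict UDP 514 and TCP 9997 at the firewall to the switch and syslog server addresses, since neither input authenticates senders by default.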
We already have a syslog server. Is there any way Splunk can fetch data directly from the syslog server, or do we need to install Splunk on the syslog server itself to analyze the data?
Regards,
Tuhin
More specifically, how should I forward the Cisco switch data directly to Splunk so that it can use that data for showing results?
I have read about the Splunk Universal Forwarder to collect data directly from endpoints. So, in that case, if I want to get the data directly from my Cisco switch to Splunk, then how do I proceed?
Regards,
Tuhin