Monitor remote Unix directory log file

Ravi_c
New Member

Hi,

I'm new to Splunk. I need to check the log files in a remote Unix directory.

I need the approach described below:
- How can I look into that server, with ssh servername/password
- Go to the specified path, like /User/bin/MyAppl/Logs
- Take the latest log file
- Search for any ERROR, like a Java error.

If there is any error, then
send a mail to the mail id.

0 Karma

MuS
SplunkTrust

Hi Ravi_c,

this is not quite the way it works.
First you need to understand how Splunk works, take a deep look at the docs about getting data in. After that read the docs about the universal forwarder. When done with that, learn how to search for the added data and finally create some alerts to get you an email if something is error'ing ...

hope this helps to get you started ...

cheers, MuS

0 Karma

MuS
SplunkTrust

The universal forwarder continuously monitors any input you have configured. Network usage can be limited for the forwarder with the [thruput] maxKBps = setting in limits.conf.
Remote SSH login is not possible by using Splunk, but you could either mount this remote share locally or create a scripted input to get the files needed over scp/rsync.

0 Karma
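
The setup MuS describes, sketched as configuration (an added example, not taken from the thread or from Splunk's own samples): a monitor input and a throughput cap on the forwarder, plus a scheduled e-mail alert on the search head. The index, sourcetype, maxKBps value, alert name and e-mail address are assumed placeholders; the log path and the two-minute interval come from the thread.

```ini
# --- Unix host, universal forwarder: inputs.conf ---
# Three slashes: "monitor://" followed by the absolute path from the thread.
[monitor:///User/bin/MyAppl/Logs]
# Assumed placeholders; the index must already exist on the indexer.
index = myappl
sourcetype = myappl:log
disabled = false

# --- Same forwarder: limits.conf ---
[thruput]
# Cap on forwarder output in KB per second (assumed value; 0 = unlimited).
maxKBps = 256

# --- Search head: savedsearches.conf ---
# Assumed alert name. Runs every 2 minutes over the previous 2 minutes
# and sends a mail when at least one matching event is found.
[MyAppl Java errors]
search = index=myappl sourcetype=myappl:log ERROR
enableSched = 1
cron_schedule = */2 * * * *
dispatch.earliest_time = -2m@m
dispatch.latest_time = @m
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
# Placeholder recipient address.
action.email.to = ops@example.com
```

Because the forwarder runs on the Unix host and pushes the data out, the Splunk server holds no SSH password or key for that host.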

Ravi_c
New Member

Thanks for your answer.

I think the Universal Forwarder will push the data from the Unix machine to Splunk. If this happens, will it hurt any network resources/network traffic? I need to monitor at an interval of every 2 minutes.

From Splunk, can't we look/log in to the other Unix/Windows server?

Regards

0 Karma