Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

whether the freee splunk version could not configure syslog forward to third-party log server ??

wyldkao
New Member
‎04-17-2014 01:15 AM

Hi All
I am testing splunk forward to non-splunk log server. I had tested use TCPData , the third party log server could receive log from splunk, but it seem parse error (every attribute as one event), then I try to use syslog mode, but splunk seem no response.
I check splunk's answer, and find a question similar with me, and one provide his answer that free splunk does not provide syslog forward. 

http://answers.splunk.com/answers/109250/sending-splunk-data-to-syslog-server

Because I have no license to verify, so who could help me to check this answer ??

thanks!!

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
Legend
‎04-17-2014 01:21 AM

Hi wyldkao,

check this http://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree there you can find information about the difference of free vs enterprise licens.

the docs only mention TCP/HTTP forward is not available...syslog is UDP by default. I haven't tested it my self so I cannot be 100% sure on this....

cheers, MuS

View solution in original post

0 Karma
Reply
Solved! Jump to solution

wyldkao
New Member
‎04-20-2014 06:40 PM

Hi All
Who had tested syslog forward to third-party log server ??
or Splunk has another trail licesne could test All function in short days, like 30 days trail license

0 Karma
Reply
Solved! Jump to solution

miteshvohra
Contributor
‎04-21-2014 12:02 AM

Yes. Here is the link for more details: http://www.splunk.com/view/SP-CAAAE8W

0 Karma
Reply
Solved! Jump to solution

wyldkao
New Member
‎04-20-2014 11:13 PM

Hi
about your reply, if I install splunk doftware without license (500MB/Day) is you say "60 days trail".
My mean is I oculd testing all function without license in 60 days, right ?

thanks!!

0 Karma
Reply
Solved! Jump to solution

miteshvohra
Contributor
‎04-20-2014 10:52 PM

First 60-days of trial is not restricted of any functionality and hence should not be any different than an Enterprise commercial license during the trial period.

Certain features get disabled after the 60-day trial period is over.

0 Karma
Reply
Solved! Jump to solution
Solution

MuS
Legend
‎04-17-2014 01:21 AM

Hi wyldkao,

check this http://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree there you can find information about the difference of free vs enterprise licens.

the docs only mention TCP/HTTP forward is not available...syslog is UDP by default. I haven't tested it my self so I cannot be 100% sure on this....

cheers, MuS

0 Karma
Reply
Solved! Jump to solution

wyldkao
New Member
‎04-17-2014 01:39 AM

HI MuS
thanks your reply.
I like the previous question, only set my setting in outputs.conf (I did not set transforms.conf or props.conf)
[syslog:my_syslog_group]
server = 192.168.0.73:1555

indeed no event or message to third-party log server...
Because I just testing , not Splunk Customer, so I could not verify it.

wyldkao

0 Karma
Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...