Getting Data In

Can universal forwarders detect and forward newly created logs

suhprano
Path Finder

Can Splunk universal forwarders handle and forward newly created log files? I would like to forward data as raw logs to a remote server and not a splunk indexer using the splunk forwarder, but is it smart enough to trigger upon file creation?

Tags (2)
1 Solution

piebob
Splunk Employee
Splunk Employee

if you specify a directory in the inputs.conf being used by the forwarder in question, and the log file is created in that directory, it will get forwarded automatically.

for details about how Splunk monitors files and directories: http://www.splunk.com/base/Documentation/latest/Data/Monitorfilesanddirectories

details on how forwarders can get data: http://www.splunk.com/base/Documentation/latest/Data/Usingforwardingagents

i missed that you were talking about forwarding to a third-party (not splunk) host, here is the info for that:

http://www.splunk.com/base/Documentation/latest/Deploy/Forwarddatatothird-partysystemsd

View solution in original post

piebob
Splunk Employee
Splunk Employee

if you specify a directory in the inputs.conf being used by the forwarder in question, and the log file is created in that directory, it will get forwarded automatically.

for details about how Splunk monitors files and directories: http://www.splunk.com/base/Documentation/latest/Data/Monitorfilesanddirectories

details on how forwarders can get data: http://www.splunk.com/base/Documentation/latest/Data/Usingforwardingagents

i missed that you were talking about forwarding to a third-party (not splunk) host, here is the info for that:

http://www.splunk.com/base/Documentation/latest/Deploy/Forwarddatatothird-partysystemsd

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...