I was wondering if anyone is currently using Splunk forwarders as the means by which they receive all log data and then forward the data to multiple non-splunk sources?
I have several monitoring tools that require netflow data, snmp, and syslog and I wanted to use Splunk forwarders as the primary entryway for all monitoring data and then route/clone the data to multiple sources.
I am looking for any general guidelines and suggestions.
Specifically the product I am looking to integrate Splunk in front of is Spectrum but general advice is all I am looking for.
Thanks!
I'm more looking for anyone who is actually using Splunk to route to 3rd-party systems for what they would consider 'production'.
I have to make my case to the people running Spectrum if I think Splunk would work well, and they're not gonna let me mess with their deployment if I'm not convincing and am just going off a gut feeling that Splunk is better.
"tail" the log file and pipe to "netcat" 🙂
Try syslog-ng or Samplicator. Both have their strengths and weaknesses.
Not sure if you're also asking for this, but here is the documentation topic that discusses how to do that:
http://www.splunk.com/base/Documentation/latest/Deploy/Forwarddatatothird-partysystemsd
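As an added illustration of the routing the linked documentation describes (this is example configuration written for this thread, not something posted by the original author or taken from the Splunk docs), the three stanzas below clone syslog events arriving on a heavy forwarder to the normal Splunk indexers and, at the same time, to a third-party receiver as raw TCP and as syslog. All hostnames, ports and group names (`spectrum-collector.example.internal`, `spectrum_tcp`, `spectrum_syslog`, etc.) are placeholders to be replaced with the real Spectrum collector details.

```ini
# --- outputs.conf (heavy forwarder) ---
# Placeholder hosts/ports; replace with the real indexers and Spectrum collector.

[tcpout]
# Where events go when no routing transform says otherwise.
defaultGroup = splunk_indexers

# Cooked Splunk-to-Splunk traffic to the indexing tier.
[tcpout:splunk_indexers]
server = idx1.example.internal:9997, idx2.example.internal:9997

# Uncooked copy for a non-Splunk receiver: sendCookedData=false strips the
# Splunk framing so the third party sees the raw event text.
[tcpout:spectrum_tcp]
server = spectrum-collector.example.internal:5140
sendCookedData = false

# Syslog output for a receiver that expects a plain syslog feed.
[syslog:spectrum_syslog]
server = spectrum-collector.example.internal:514
type = udp

# --- props.conf (heavy forwarder) ---
# Apply the routing transforms to every event of sourcetype "syslog".
[syslog]
TRANSFORMS-routing = clone_to_spectrum_tcp, clone_to_spectrum_syslog

# --- transforms.conf (heavy forwarder) ---
# REGEX = . matches every event; FORMAT lists the output groups to clone to.
[clone_to_spectrum_tcp]
REGEX = .
DEST_KEY = _TCP_ROUTING
FORMAT = splunk_indexers,spectrum_tcp

[clone_to_spectrum_syslog]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = spectrum_syslog
```

Two caveats a practitioner would want before proposing this as the "front door" for all monitoring data. First, props/transforms routing runs in the parsing pipeline, so it needs a heavy forwarder, not a universal forwarder, and the configuration can be checked with `splunk btool outputs list --debug` (and the same for `props` and `transforms`). Second, this mechanism works on parsed text events; binary NetFlow or SNMP trap datagrams are not events Splunk will replicate byte-for-byte, which is why a UDP replicator such as Samplicator (mentioned above) is the more common answer for those feeds.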
I had read the documentation already; I am looking for any 'best practices' advice.