Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to add log data that is currently pulled from a shared folder?

tmblue
Engager
‎02-08-2017 09:50 AM

I'm wondering with Splunk Cloud, how does one migrate log inputs that are watching a directory and grabbing new files as they come in? Obviously Splunk Cloud has no access to my systems anymore, so how does one go about migrating these type of jobs to Splunk Cloud?

Thanks

Tags (2)
0 Karma
Reply

aaraneta_splunk
Splunk Employee
Splunk Employee
‎03-11-2017 10:20 AM

@tmblue - Did the answer provided by kmccririe help provide a working solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks!

0 Karma
Reply

kmccririe_splun
Splunk Employee
Splunk Employee
‎02-08-2017 11:22 AM

You can certainly set up a forwarder to do this. You would install that forwarder where it can access those various directories you want to monitor, then take the inputs from the inputs.conf on your Splunk instance and put them on that forwarder.

If you aren't forwarding the data to your standalone Splunk instances there is probably an inputs.conf on the indexer bringing in the data.

Regardless of where the inputs.conf is you will need the stanzas in that conf file that monitors the directories you want. You want those on the forwarder inputs.conf

You can then get the forwarder to send data to Splunk Cloud. You will need to download the Splunk Cloud forwarder credentials app and install it on the forwarder. Here is the directions https://docs.splunk.com/Documentation/SplunkCloud/6.5.1612/User/ForwardDataToSplunkCloudFromWindows

0 Karma
Reply

kmccririe_splun
Splunk Employee
Splunk Employee
‎02-08-2017 10:33 AM

Where are you migrating from? Is this from on a prem installation to Splunk cloud? Are you using a forwarder?

I am trying to figure out what inputs you are mentioning and where they are located.

0 Karma
Reply

tmblue
Engager
‎02-08-2017 11:12 AM

Thank you. i'm coming from a standalone installation at the moment. single indexer, search head etc. It currently has multiple inputs that are "watching various directories on a shared NFS volume" We are looking to migrate to Splunk Cloud and I'm trying to understand how I do this migration. Sounds like I need a forwarder to push to splunk cloud, but honestly I'm not 100% sure how I accomplish that from where I currently am (stand alone installation).

Thanks again

Tory

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...