How to send visual studio application log to Splun...

j_rajesh · ‎03-28-2017

I have installed Splunk Enterprise. Need to know the basic steps to send log data from my standalone visual studio application.

skoelpin · ‎03-28-2017

I'm assuming Splunk is installed on a separate server that visual studio is installed on?

If so then install a Splunk Universal Forwarder on the server with visual studio. Once installed, go back to the server where Splunk is installed and configure it to receive traffic via port 9997 by Settings > Forwarding and Receiving > Configure Receiving > New > Add 9997

You can also create a new index while on this server (I'd recommend doing so)

Now go back to the server where you installed the Splunk forwarder, go under $SPLUNK_HOME/etc/apps/search/local and create 2 files.. The first file is called inputs.conf and the second file will be called outputs.conf

Inputs.conf

[monitor://PATH_TO_YOUR_LOG_FILE]
index=YOUR_INDEX_NAME
sourcetype=YOUR_SOURCETYPE

Outputs.conf

[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
disabled = false
server = YOUR_INDEXER_IP_ADDRESS:9997

Restart Splunkd on the forwarder after making these changes by going to $SPLUNK_HOME/bin and ./splunk restart

http://docs.splunk.com/Documentation/Splunk/6.5.2/Data/Getstartedwithgettingdatain

How to send visual studio application log to Splunk Enterprise instance?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!