Using Splunk Universal Forwarder to collect from ElasticSearch/Logstash

koshyk
Super Champion

One of our end-user clients has massive information stored in the ELK stack. Our company needs to collect that data into Splunk using the Splunk Universal Forwarder. They can't send us fluentd due to firewall restrictions.

  • How can Splunk UF read from Logstash? Does it have to query the ELK API to do this?
  • Can Splunk UF do polling to get data on a regular basis?

Worst case I'm asking them to write the data into a file, but wanted to see Splunk UF native integration to ELK if it's present.

0 Karma
1 Solution

jayannah
Builder

Yes, you can do it in multiple ways:

  1. Configure Logstash to send the data over to Splunk using the tcp output plugin and create a tcp input on Splunk
  2. On Logstash, use the http output plugin to send to Splunk
  3. Configure Logstash to write the events to a log file and have the Splunk forwarder read it and send to the Splunk indexes

0 Karma
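
Option 2 from the answer above, sketched as a Logstash pipeline output. This is an added example, not part of the original answer: it assumes the receiving Splunk instance has HTTP Event Collector (HEC) enabled on its default port 8088, and the hostname `splunk.example.com`, the sourcetype `elk:logstash` and the environment variable `SPLUNK_HEC_TOKEN` are placeholders.

```conf
# Added example: Logstash http output -> Splunk HTTP Event Collector (HEC).
# Placeholders (assumptions): splunk.example.com, "elk:logstash",
# and SPLUNK_HEC_TOKEN, which holds the HEC token.
output {
  http {
    # HEC's JSON event endpoint. Keep https so the token and the events
    # are not sent in clear text across the firewall boundary.
    url         => "https://splunk.example.com:8088/services/collector/event"
    http_method => "post"
    format      => "json"

    # HEC authenticates each request with "Authorization: Splunk <token>".
    # ${...} is resolved from the environment or the Logstash keystore,
    # so the token is not stored in the pipeline file itself.
    headers     => { "Authorization" => "Splunk ${SPLUNK_HEC_TOKEN}" }

    # HEC expects the payload under "event"; "sourcetype" is HEC metadata.
    mapping     => {
      "event"      => "%{message}"
      "sourcetype" => "elk:logstash"
    }
  }
}
```

The firewall only has to allow outbound HTTPS from the Logstash host to the HEC port, and the token can be scoped on the Splunk side to the index this feed is allowed to write to.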

ragmenion
New Member

Hello, can you help with option 2? Examples are appreciated.

0 Karma

ragmenion
New Member

Hi.
Can you help me with option too. I am not able to work that out. Examples would help.

0 Karma

ddrillic
Ultra Champion

Interesting, a thread about the opposite direction - Can we use a Splunk universal forwarder to forward logs to an ELK server (Kibana)?

0 Karma