Data import in SPLUNK

abhayneilam
Contributor

Hi,

I have a Digital Guardian (DG) tool installed on around 10 systems to prevent data leakage. The DG tool generates the activity log every Monday, and there is a team who uploads those logs to the library; every time, we download the logs from that library and import them into SPLUNK.

Please let me know: whatever logs are generated by the DG tool, I want all of them to be imported directly into SPLUNK (meaning: logs will be generated by the DG tool and automatically fed to SPLUNK). I don't wish to download the logs and then import them into SPLUNK; instead I want the logs to be imported directly.

Please help me to solve this problem.

Your help is very much appreciated in this regard.


Drainy
Champion

Have a read of this:

http://docs.splunk.com/Documentation/Splunk/5.0.1/Deploy/Aboutforwardingandreceivingdata

It should hopefully answer most of your questions; if you hit a snag, just post back 🙂


abhayneilam
Contributor

I was just asking: the DG tool generates a set of files every Monday that I want to import directly into my SPLUNK server. How could it be done? Please suggest some solutions.


Ayn
Legend

I'm not sure how this question really relates to Splunk - isn't it more a matter of how Digital Guardian logs can be extracted? If so, wouldn't it be better to ask in a forum for the Digital Guardian product?


Ayn
Legend

You can definitely do that.


Drainy
Champion

You could use http://splunk-base.splunk.com/apps/50803/splunk-db-connect from the indexer to connect directly, or use heavy forwarders to potentially connect remotely and forward the data. I haven't really explored how it functions yet.


abhayneilam
Contributor

Is it possible to connect SPLUNK forwarders to the SQL server, so that they run a query to fetch the data and that data is sent directly to the SPLUNK server?

Please help!!


Ayn
Legend

???

You've been around for quite some time here and you don't know how Splunk licensing works? The Universal Forwarder can be downloaded free of charge from http://www.splunk.com/download/universalforwarder


abhayneilam
Contributor

You mean to say that I should have "forwarders" installed on all those 10 servers too, so that they can collect the data generated by the DG tool and forward it to the SPLUNK server directly for processing? If this is so, do I need to pay anything to get the SPLUNK forwarders? Please suggest.

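The forwarder setup discussed in this thread, sketched as configuration (an added example, not part of the original thread or of Splunk's documentation). The monitored path, file extension, index name, sourcetype, output group name and indexer hostname are placeholders, and 9997 is assumed as the receiving port.

```ini
# --- On each of the 10 DG hosts: Universal Forwarder ---
# $SPLUNK_HOME/etc/system/local/inputs.conf

# Placeholder path: the directory where the DG tool writes its weekly
# activity logs. New files that appear here are picked up automatically.
[monitor:///path/to/dg/activity-logs]
disabled = false
# Hypothetical index name; create it on the indexer before forwarding.
index = dg_activity
# Hypothetical sourcetype label for these events.
sourcetype = dg:activity
# Assumed extension: only read files ending in .log, skip anything else.
whitelist = \.log$
# Skip files not modified in the last two weeks, so a freshly installed
# forwarder does not re-read the whole archive.
ignoreOlderThan = 14d

# $SPLUNK_HOME/etc/system/local/outputs.conf

[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# Placeholder hostname for the Splunk server that receives the data.
server = splunk-indexer.example.com:9997
# Indexer acknowledgement: the forwarder resends data the indexer
# did not confirm, so a restart or network drop does not lose events.
useACK = true

# --- On the Splunk server (indexer) ---
# $SPLUNK_HOME/etc/system/local/inputs.conf

# Listen for data from forwarders on the port named above.
[splunktcp://9997]
disabled = false
```

With these settings the forwarder-to-indexer traffic is not encrypted; Splunk supports TLS on this link, which is worth enabling for data-leakage activity logs, but those settings are not shown here.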