Multiple server logs indexing

ganeshgs · ‎01-13-2013

Hello,

We have our application in multiple servers, we need to index the log files.

two options to do that.

1) Using forwarder/receiver - do we need to install forwarder to all server or is there any way we can achieve this.
2) Using Shell script – coping the logs files to destination and indexing in SPLUNK.

Thanks,

e82than · ‎01-13-2013

I concur Lisa's suggestion. Using the forwarder will be useful when deploying in large enterprises. If you do not use scripted inputs, it will also allow business continuity. You can further use a deployment server, to manage it when you have too many forwarders to look at.

ganeshgs · ‎01-14-2013

One quick clarification. I guess even deployment server also suggest to install splunk instance in each servers.
So what if we hosted our application in cloud environment and have limited access to servers.

pioneer817 · ‎01-13-2013

(spam removed)

lguinn2 · ‎01-13-2013

I would install the forwarder on all the servers. It will be easier than using a shell script, and work better.

martin_mueller · ‎01-14-2013

You can make the forwarders point to individual server log files as well. For a large number of forwarders you can use the deployment server to roll out any configuration changes to similar forwarders in one go.

ganeshgs · ‎01-13-2013

But we run application on 21 servers on Load Balancing.
we are checking for any possibility in splunk to connect from receiver to other servers through SSH, like Putty.
By this way we can directly point to individual server log files through "Data Inputs >> files and directories" option and make splunk to listen to this logs and continuously collect data.

Thanks,

Multiple server logs indexing

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life