Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

new to splunk, wanting to monitor client's sbs boxes automatically

adamgardner
New Member
‎10-12-2010 03:09 PM

Hi, im posting from a small IT company who looks after x amount of clients. We want to be able to have splunk monitor the remote SBS boxes, (both sbs2003 and 2008), looking for errors in the event logs and when there is a problem with a server, such as it goes offline or looses a connection to WAN or LAN. Is this possible in splunk? can someone provide me with steps or good documentation

0 Karma
Reply

ftk
Motivator
‎10-12-2010 03:17 PM

This is possible. Your best starting point for this would be the official Splunk documentation, specifically the Installation Manual, found here: http://www.splunk.com/base/Documentation/latest/Installation/WhatsintheInstallationManual

Be sure to read up the prerequisites and architecture diagrams, the Windows installation process, and advanced concepts such as forwarder to ship data from remote servers.

After reading through the Installation Manual, I recommend downloading a copy of Splunk and installing the evaluation copy on a Dev system. Start playing around with it, add some of your data, and go through the Admin Manual as you become more familiar with splunk. Put together some dev (or even live) systems and start monitoring some sbs servers. Once you got your process and searches down, adding more systems should be easy.

Reply

dwaddle
SplunkTrust
SplunkTrust
‎10-12-2010 03:36 PM

Splunk can "get data" from any place that has connectivity between the client(forwarder) and the indexer. This might mean additional firewall holes and/or VPN-style setups depending on your particular environment, but the only roadblock here is a lack of connectivity.

Reply

adamgardner
New Member
‎10-12-2010 03:33 PM

thanks for the reply, in regarding the remote servers, these are based off site, however we have a development Hyper-V box which is on a seperate internet line, am i right in thinking that splunk can still get data from these servers?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...