Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

whether the freee splunk version could not configure syslog forward to third-party log server ??

wyldkao
New Member
‎04-17-2014 01:15 AM

Hi All
I am testing splunk forward to non-splunk log server. I had tested use TCPData , the third party log server could receive log from splunk, but it seem parse error (every attribute as one event), then I try to use syslog mode, but splunk seem no response.
I check splunk's answer, and find a question similar with me, and one provide his answer that free splunk does not provide syslog forward. 

http://answers.splunk.com/answers/109250/sending-splunk-data-to-syslog-server

Because I have no license to verify, so who could help me to check this answer ??

thanks!!

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
Legend
‎04-17-2014 01:21 AM

Hi wyldkao,

check this http://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree there you can find information about the difference of free vs enterprise licens.

the docs only mention TCP/HTTP forward is not available...syslog is UDP by default. I haven't tested it my self so I cannot be 100% sure on this....

cheers, MuS

View solution in original post

0 Karma
Reply
Solved! Jump to solution

wyldkao
New Member
‎04-20-2014 06:40 PM

Hi All
Who had tested syslog forward to third-party log server ??
or Splunk has another trail licesne could test All function in short days, like 30 days trail license

0 Karma
Reply
Solved! Jump to solution

miteshvohra
Contributor
‎04-21-2014 12:02 AM

Yes. Here is the link for more details: http://www.splunk.com/view/SP-CAAAE8W

0 Karma
Reply
Solved! Jump to solution

wyldkao
New Member
‎04-20-2014 11:13 PM

Hi
about your reply, if I install splunk doftware without license (500MB/Day) is you say "60 days trail".
My mean is I oculd testing all function without license in 60 days, right ?

thanks!!

0 Karma
Reply
Solved! Jump to solution

miteshvohra
Contributor
‎04-20-2014 10:52 PM

First 60-days of trial is not restricted of any functionality and hence should not be any different than an Enterprise commercial license during the trial period.

Certain features get disabled after the 60-day trial period is over.

0 Karma
Reply
Solved! Jump to solution
Solution

MuS
Legend
‎04-17-2014 01:21 AM

Hi wyldkao,

check this http://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree there you can find information about the difference of free vs enterprise licens.

the docs only mention TCP/HTTP forward is not available...syslog is UDP by default. I haven't tested it my self so I cannot be 100% sure on this....

cheers, MuS

0 Karma
Reply
Solved! Jump to solution

wyldkao
New Member
‎04-17-2014 01:39 AM

HI MuS
thanks your reply.
I like the previous question, only set my setting in outputs.conf (I did not set transforms.conf or props.conf)
[syslog:my_syslog_group]
server = 192.168.0.73:1555

indeed no event or message to third-party log server...
Because I just testing , not Splunk Customer, so I could not verify it.

wyldkao

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...