Hi All
I am testing splunk forward to non-splunk log server. I had tested use TCPData , the third party log server could receive log from splunk, but it seem parse error (every attribute as one event), then I try to use syslog mode, but splunk seem no response.
I check splunk's answer, and find a question similar with me, and one provide his answer that free splunk does not provide syslog forward.
http://answers.splunk.com/answers/109250/sending-splunk-data-to-syslog-server
Because I have no license to verify, so who could help me to check this answer ??
thanks!!
Hi wyldkao,
check this http://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree there you can find information about the difference of free vs enterprise licens.
the docs only mention TCP/HTTP forward is not available...syslog is UDP by default. I haven't tested it my self so I cannot be 100% sure on this....
cheers, MuS
Hi All
Who had tested syslog forward to third-party log server ??
or Splunk has another trail licesne could test All function in short days, like 30 days trail license
Yes. Here is the link for more details: http://www.splunk.com/view/SP-CAAAE8W
Hi
about your reply, if I install splunk doftware without license (500MB/Day) is you say "60 days trail".
My mean is I oculd testing all function without license in 60 days, right ?
thanks!!
First 60-days of trial is not restricted of any functionality and hence should not be any different than an Enterprise commercial license during the trial period.
Certain features get disabled after the 60-day trial period is over.
Hi wyldkao,
check this http://docs.splunk.com/Documentation/Splunk/latest/Admin/MoreaboutSplunkFree there you can find information about the difference of free vs enterprise licens.
the docs only mention TCP/HTTP forward is not available...syslog is UDP by default. I haven't tested it my self so I cannot be 100% sure on this....
cheers, MuS
HI MuS
thanks your reply.
I like the previous question, only set my setting in outputs.conf (I did not set transforms.conf or props.conf)
[syslog:my_syslog_group]
server = 192.168.0.73:1555
indeed no event or message to third-party log server...
Because I just testing , not Splunk Customer, so I could not verify it.
wyldkao