tacolover101 wrote:how are you trying to configure the sending? there are many options i see viable here:hyacinth wrote:@kyang
I have tried both udp and tcp, but Splunk received nothing. Is there any config missed ? Besides, Is there any network requirement between NLS and Splunk ?
1. splunk forwarder
2. NLS output (which is the code you're seeing above, by @mcapra)
3. syslog (using built in rsyslog)
Dear Kyang,scottwilkerson wrote:You must pardon our ignorance, but we are not familiar with configuring Splunk, nor how you have configured your version of Splunk.hyacinth wrote:@kyang
I have tried both udp and tcp, but Splunk received nothing. Is there any config missed ? Besides, Is there any network requirement between NLS and Splunk ?
These setups are are hypothetical assuming you have splunk listening on the port and protocol specified, only you know that.
As for the config, it might help if we say yours from the Nagios Log Server, please run the followingCode: Select all
cat /usr/local/nagioslogserver/logstash/etc/conf.d/*
It wasn't attached, however, let us know if the configs match your Splunk configs and you still have issues.hyacinth wrote:Dear Kyang,
I have run the cat commande, and saw the output config as attached without problem. I'll check splunk config and the network between NLS and splunk. If any good news will give you a feedback. TKS!
HI Scott,scottwilkerson wrote:It wasn't attached, however, let us know if the configs match your Splunk configs and you still have issues.hyacinth wrote:Dear Kyang,
I have run the cat commande, and saw the output config as attached without problem. I'll check splunk config and the network between NLS and splunk. If any good news will give you a feedback. TKS!
We still don't know anything about your Splunk setup, so we can't tell you the best way to configure Nagios Log Server to your liking.mcapra wrote:It sort of depends on some specifics of your Splunk architecture.
As mentioned in my first post, the most common solution is to configure a syslog output rule in Nagios Log Server which is pointed at a Splunk forwarder:hyacinth wrote:Is there any scheme can work on that ?
Assuming your architecture includes one or several Splunk forwarders, I would suggest first getting that syslog output rule correctly configured in Nagios Log Server. Then once Splunk is receiving messages, you can worry about the filtering.A very common way to forward messages from Logstash to Splunk generally is to use a syslog Logstash output rule pointed at a Splunk Heavy Forwarder or syslog aggregator:
https://www.elastic.co/guide/en/logstas ... yslog.html
Yes purchases come with 10 support incidents and you could use one to learn to configure an output, however some on the learning and reading is still going to be on you because we do not always know what is best for your environment.hyacinth wrote:@scottwilkerson
Thanks for your infomation. We are not so fimiliar with log server filter and output rule configuration. Assume we have bought Nagios enterprise products from Nagios Agent, can we make this a custom case to get more support ?
