LS events export to Splunk

Posted: Wed Jan 31, 2018 9:42 am
by DataAssure
How to export Log Server events to Splunk? I read one user was able to accomplish that via Port#9997 but I couldn't find anything in LS Admin & User Guide. Any ideas? Tx

Re: LS events export to Splunk

Posted: Wed Jan 31, 2018 1:41 pm
by mcapra
The below documentation assumes you are using Nagios Log Server 2.0+.

It sort of depends on some specifics of your Splunk architecture.

A very common way to forward messages from Logstash to Splunk generally is to use a syslog Logstash output rule pointed at a Splunk Heavy Forwarder or syslog aggregator:
https://www.elastic.co/guide/en/logstas ... yslog.html


I would provide documentation on how to configure additional outputs in Nagios Log Server if I could find any ;) This documentation has some of the same steps, except instead of Splunk it's forwarding to Nagios XI/Core as passive checks:
https://assets.nagios.com/downloads/nag ... bjects.pdf

Let us know if you have additional questions or something is unclear.

Re: LS events export to Splunk

Posted: Wed Jan 31, 2018 2:49 pm
by cdienger
Thanks @mcapra

I've used the following to send data from NLS to a remote syslog server:

  syslog {
    procid => "Nagios"
    facility => 'daemon'
    host => '10.50.121.180'
    port => '514'
    protocol => 'tcp'
    severity => 'informational'
  }
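
An added example, not part of any post in this thread: a small Python check for the receiving side that parses incoming syslog lines and confirms they carry the facility, severity and procid set in the output block above. It assumes RFC 3164 formatted lines, one event per line over TCP; the test port 5514, the hostname nls01 and both sample lines are constructed for illustration.

```python
import re
import socketserver

# Conventional syslog names; list index = numeric code (RFC 3164).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news"]
SEVERITIES = ["emergency", "alert", "critical", "error", "warning", "notice",
              "informational", "debug"]

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>[^\[\s:]+)(?:\[(?P<procid>[^\]]*)\])?: (?P<msg>.*)$")

def parse_rfc3164(line):
    """Split one RFC 3164 line into fields; return None if it does not match."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m or int(m["pri"]) > 191:   # PRI = facility * 8 + severity, max 191
        return None
    fac, sev = divmod(int(m["pri"]), 8)
    rec = m.groupdict()
    rec["facility"] = FACILITIES[fac] if fac < len(FACILITIES) else str(fac)
    rec["severity"] = SEVERITIES[sev]
    return rec

def mismatches(line, facility="daemon", severity="informational", procid="Nagios"):
    """Return the fields that differ from what the output block should produce."""
    rec = parse_rfc3164(line)
    if rec is None:
        return ["unparseable"]
    want = {"facility": facility, "severity": severity, "procid": procid}
    return [k for k, v in want.items() if rec[k] != v]

class Handler(socketserver.StreamRequestHandler):
    def handle(self):  # one TCP connection from the sender; one event per line
        for raw in self.rfile:
            line = raw.decode("utf-8", "replace")
            print(mismatches(line) or "ok", line.strip())

# Constructed sample lines (not captured from a real Log Server).
SAMPLE_OK = "<30>Jan 31 14:49:02 nls01 LOGSTASH[Nagios]: disk check passed"
SAMPLE_BAD = "<14>Jan 31 14:49:02 nls01 LOGSTASH[-]: disk check passed"

if __name__ == "__main__":
    # Assumed test listener on localhost:5514; point a copy of the output block
    # at it before switching host/port to the real forwarder.
    with socketserver.TCPServer(("127.0.0.1", 5514), Handler) as srv:
        srv.serve_forever()
```

A PRI of 30 is what facility daemon (3) and severity informational (6) encode to, so any other value at the receiver means a different output block or sender is in play.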

Re: LS events export to Splunk

Posted: Thu Feb 01, 2018 10:41 am
by DataAssure
Tx guys! Will give that a try.

Re: LS events export to Splunk

Posted: Thu Feb 01, 2018 12:35 pm
by dwhitfield
Please let us know if you have any additional questions.

Re: LS events export to Splunk

Posted: Fri Feb 02, 2018 5:31 am
by DataAssure
We have Splunk Heavy Forwarder and will give that a try.

Re: LS events export to Splunk

Posted: Fri Feb 09, 2018 11:16 am
by kyang
Sounds good!

Let us know if you have any more questions.