Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

send log from Splunk Universal Forwarder to Nagios Log server

https://support.nagios.com/forum/viewtopic.php?t=75183

Page 1 of 1

send log from Splunk Universal Forwarder to Nagios Log server

Posted: Tue Apr 16, 2024 1:18 am
by halimm
Hi all,
Currently we're doing testing to send logs from Splunk Universal Forwarder to Nagios Log Server. We've installed Splunk UF in a window machine so that event from windows be sent to Splunk UF and then afterwards sent to Nagios Log Server. Received the connection in Nagios Log Server but the log itself is not readable. Received the log like below

"\u0016\u0003\u0001\u0000\x8C\u0001\u0000\u0000\x88\u0003\u0003\x92>\x...."

Anyone ever tried this setup and able to received readble log ?

Your kind feedback is very much appreciated.

Re: send log from Splunk Universal Forwarder to Nagios Log server

Posted: Wed Apr 17, 2024 9:41 am
by jsimon
Hi @halimm,

A bunch of the individual unicode values in that string do not translate to human readable characters, it looks like a bunch of header characters. I believe you'll need to configure Splunk or add some sort of filter to preprocess the output before it gets into Logstash to remove this sort of value.

Re: send log from Splunk Universal Forwarder to Nagios Log server

Posted: Wed Apr 17, 2024 9:50 am
by jmichaelson
This post may be helpful:

https://discuss.elastic.co/t/splunk-dat ... b/267654/3

In particular this link within it:

https://www.elastic.co/blog/migrating-f ... -migration
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited