The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.
Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.
Previous Topic: Does Splunk support logging in MySQL DB? | Next Topic: SplunkD crash under Debian Linux
Posts 1–8 of 8
I am trying to setup a pair of VCS servers and would like to push the engine_A.log to our production Splunk servers, but I want to send it to a DNS name in order to utilize our VIP. Without using the VIP I am tied to using an IP. What happens when that IP goes down? We lose logs. I could probably send to both our production Splunk servers, but then I would have duplicate entries.
Is there a way around setting up Distrubuted / Data Forwarding to use a DNS entry versus an IP?
Regards.
Are you saying that you are unable to forward data to an IP address? If so, are there any errors in splunkd.log when you try to do so?
No. I would like to send it to a DNS name....Splunk only offers the ability to send to an IP address.
What version of Splunk are you using? In version 3.2 and 3.3, I can specify a DNS name no problem:
[tcpout]
defaultGroup = support06_group
disabled = false
indexAndForward = true
[tcpout:support06_group]
disabled = false
server = support06.splunk.com:9997
Thanks.
I was using the Splunk GUI and it only has setting for IP setup. I will look further into where this is setup and test it out.
This might be "enhancement" to allow for IP or DNS.
Regards
I actually created the above config via the Splunk GUI, version 3.3 :)
I doubled back and added in DNS entry versus IP and yes, it works. IP is misleading and should be renamed IP or DNS.
As always....thank you, ARaitz
No one better!
Thanks Paul! I agree it is misleading, so I filed case 17038 on your behalf.