Forums: SplunkGeneral: New Splunk FAQ

Previous Topic: Snag on Windows and syslogUDP  |   Next Topic: HPUX syslog to inux Splunk server


Posts 1–9 of 9  |  Post to this topic
1
Joseph Reeves's Mugshot posted by: Joseph Reeves  |  posts
date: April 18, 2006
permalink

Greetings Splunkers and Splunkees,

I noticed over the past few months that I've been active in the forums that there's some questions that come up somewhat frequently. While I haven't minded helping people out individually over email, I thought it would probably be more efficient to post it up on the web somewhere so that everyone can benefit. So I did :-)

You can find the FAQ that I wrote here: http://joseph.reeves.googlepages.com/splunkfaq

Suggestions and contributions are welcome. You may get my email address by clicking on my name in this forum.

Also, I put together a very detailed howto on setting up splunk with syslog-ng and a FIFO. The link for that is on my personal website here: http://www.mysfitt.net/tutorials/splunk_fifo.php

I think it's pretty complete, but if anybody finds a problem with it either, please let me know.

Cheers,
Joe

[Revised on Tue, 16 May 2006 09:06:20 -0700]

UPDATE: I've moved my Splunk FAQ to my main site at: http://mysfitt.net/tutorials/splunk_faq.php

There's also been a few recent updates to it. FYI: I'm working on some code to generate an RSS feed for my site. I think that'll make it a lot easier for folks to keep up with updates I make to the code and docs that I've got there.

2
boo's Mugshot posted by: boo  |  posts
date: April 18, 2006
permalink

Nice one Joe, There is some really useful stuff here, I'd advise all forum-ites to take a quick peek at these.

Cheers,
Rory

3
fronell's Mugshot posted by: fronell  |  posts
date: April 18, 2006
permalink

I'll second that. It was very nice to have instructions on how to get syslog-ng working quickly using fifo with Splunk. Not only that but to keep a separate copy of the logs for each host to!

-Chris

4
Joseph Reeves's Mugshot posted by: Joseph Reeves  |  posts
date: April 19, 2006
permalink

Thanks guys! Let me know if there's anything obvious that I've missed. Also, I'm open to contributions if someone would like to write up some quick notes on how to accomplish a certain goal.

5
Joseph Reeves's Mugshot posted by: Joseph Reeves  |  posts
date: May 9, 2006
permalink

Hey guys,

I just wanted to post a quick note to let everyone know that I've moved the FAQ to my main website and you can find it here:
http://mysfitt.net/tutorials/splunk_faq.php

The Splunk -> FIFO howto is also still located there and I've freshened up it's formatting recently to make the config parts stand out a little better.
http://mysfitt.net/tutorials/splunk_fifo.php

While you're there, you might want to check out log minion and file brigand as ways to get data into Splunk.

Brigand, in particular was designed with the Splunk "blackhole" directory in mind.

have fun!
Joe

6
mrjones's Mugshot posted by: mrjones  |  posts
date: May 16, 2006
permalink

test post

7
sambal's Mugshot posted by: sambal  |  posts
date: August 4, 2006
permalink

Unfortunately mysfitt.net is 404 today...

8
emma's Mugshot posted by: emma  |  posts
date: August 4, 2006
permalink

we have an official splunk FAQ here:

http://splunk.com/r/faq

9
darkfader's Mugshot posted by: darkfader  |  posts
date: August 17, 2006
permalink

last link is broken :)

http://www.splunk.com/index.php/articles/news/235
works at the moment.

Post to this topic

You must be logged in to post a reply.










close

Flash required to play this video.

Click here to download the free Flash Player.

Description:

Permalink: