Splunking files on Windows boxes
October 23, 2007 6:04 AM Subscribe
Getting Splunk running on Solaris 5.8, with log files on Windows boxes.
So I've installed Splunk on a Solaris 5.8 box, and now I need to get some data into it. We have a large amount of Windows servers, among other things, with Tomcat logs that I'd love to get into Splunk. People currently remote desktop onto the servers and peruse the logs in Notepad.... ugh!
How best to do this?
It seems that the most obvious way is to mount the Windows drives using SaMBa so Splunk considers them to be locally hosted files (albeit from another server).
Any other way? The less painful, the better.
Let's assume disk space and network bandwidth aren't an issue. I'm just new to Splunk and not too sure of my options. I did RTFM but can't see much specifically about this. I'm sure it's there, somewhere painfully obvious.
So I've installed Splunk on a Solaris 5.8 box, and now I need to get some data into it. We have a large amount of Windows servers, among other things, with Tomcat logs that I'd love to get into Splunk. People currently remote desktop onto the servers and peruse the logs in Notepad.... ugh!
How best to do this?
It seems that the most obvious way is to mount the Windows drives using SaMBa so Splunk considers them to be locally hosted files (albeit from another server).
Any other way? The less painful, the better.
Let's assume disk space and network bandwidth aren't an issue. I'm just new to Splunk and not too sure of my options. I did RTFM but can't see much specifically about this. I'm sure it's there, somewhere painfully obvious.
Response by poster: Thanks rhizome. I guess I'm looking for an arrangement where I can do all the configuration on the single Splunk server. There are many different types of software and log files out there, on many different servers. Installing SNARE on each server may be an option later on, but for now I want to make a proof-of-concept installation. And I don't have admin privs on the Windows boxes :-)
Maybe I should have mentioned that before!
posted by ajp at 8:39 AM on October 23, 2007
Maybe I should have mentioned that before!
posted by ajp at 8:39 AM on October 23, 2007
This thread is closed to new comments.
"You can use a third-party tool (SNARE, Monitorware, etc.)
to send the data from Windows servers and desktops to Splunk.
A native Windows version of Splunk will be available later this year."
posted by rhizome at 8:00 AM on October 23, 2007