
Splunk Connect for Syslog

Splunk Connect for Syslog is an open source packaged solution to get data into Splunk using syslog-ng (OSE) and the Splunk HTTP Event Collector.

Purpose
Splunk Connect for Syslog (SC4S) is a community project that helps reduce the pain of getting syslog data sources into Splunk. Splunk Connect for Syslog should be used by any Splunk customer needing to onboard data sources via syslog to Splunk. The primary pain points SC4S addresses include the following:
* Lack of deep syslog expertise in the community
* Inconsistency between syslog server deployments, which creates a support challenge
* Data sources tagged with the catch-all sourcetype “syslog”, which limits Splunk analytics
* Uneven data distribution between Splunk indexers, which impacts search performance

Versions:
SC4S Enterprise is designed for businesses that:
* Operate large-scale infrastructures where system stability is critical
* Require long-term support with minimal disruption
* Prefer fewer updates without compromising on quality
SC4S lite is designed for businesses that:
* Have a limited set of log types and a very high volume of data
* Require local parsers for unsupported vendors
* Prefer custom data sources
SC4S regular is designed for businesses of all sizes (big, small and large) that like the pace of:
* Regular updates and fixes
* Frequent new features and experimental enhancements

Benefits:
* Repeatable, concise, and prescriptive Splunk solution for syslog
* Removal of the UF reduces configuration and management effort
* Turnkey deployment via the SC4S container architecture
* A library of data source filters we will be continually growing with the help of the community
* Exceptionally even event distribution across the Splunk indexers (benefits search performance)
* Enhanced data enrichment beyond the standard Splunk metadata of timestamp, host, source, and sourcetype
* Easily add custom “filters” for additional sourcetypes beyond those supported out of the box
* Complete deployment documentation

Built by

Last Updated
June 17, 2025
Compatibility
Not Available
Support
Splunk Supported addon
Edge Processor Integration:
SC4S can be seamlessly integrated with Edge Processor for further filtering of data, advanced processing, and sending to other custom destinations. https://splunk.github.io/splunk-connect-for-syslog/main/edge_processor/

Splunk Support:
If you are an existing Splunk customer with access to the Support Portal, create a support ticket for the quickest resolution to any issues you experience. Here are some examples of when it may be appropriate to create a support ticket:
1. If you experience an issue with the current version of SC4S, such as a feature gap or a documented feature that is not working as expected.
2. If you have difficulty with the configuration of SC4S, either at the back end or with the out-of-box parsers or index configurations.
3. If you experience performance issues and need help understanding the bottlenecks.
4. If you have any questions or issues with the SC4S documentation.
For everything else, raise a GitHub issue.

Categories

Created By

Splunk LLC

Type

addon

Downloads

12,517

Resources
