Splunk Connect for Syslog is an open source packaged solution to get data into Splunk using syslog-ng (OSE) and the Splunk HTTP Event Collector.

Purpose

Splunk Connect for Syslog (SC4S) is a community project that helps reduce the pain of getting syslog data sources into Splunk. Splunk Connect for Syslog should be used by any Splunk customer needing to onboard data sources via syslog to Splunk. The primary pain points SC4S addresses include the following:

* Lack of deep syslog expertise in the community
* Inconsistency between syslog server deployments, which creates a support challenge
* Data sources tagged with the catch-all sourcetype "syslog", which limits Splunk analytics
* Uneven data distribution between Splunk indexers, which impacts search performance

Versions:

SC4S Enterprise is designed for businesses that:

* Operate large-scale infrastructures where system stability is critical
* Require long-term support with minimal disruption
* Prefer fewer updates without compromising on quality

SC4S lite is designed for businesses that:

* Handle a limited set of log types at very high data volume
* Require local parsers for unsupported vendors
* Prefer custom data sources

SC4S regular is designed for businesses that:

* Are of any size, big or small, and like the pace
* Want regular updates and fixes
* Want frequent new features and experimental enhancements

Benefits:

* Repeatable, concise, and prescriptive Splunk solution for syslog
* Removal of the UF reduces configuration and management effort
* Turnkey deployment via the SC4S container architecture
* A library of data source filters that will be continually growing with the help of the community
* Exceptionally even event distribution across the Splunk indexers (benefits search performance)
* Enhanced data enrichment beyond the standard Splunk metadata of timestamp, host, source, and sourcetype
* Easily add custom "filters" for additional sourcetypes beyond those supported out of the box
* Complete deployment documentation