Hi all,
I've been reading quite a bit on syslog collection via a Splunk Universal Forwarder, in particular answer #28680. I understand the reasons behind using SUF or another syslog collector as opposed to sending to Splunk directly. I haven't, however, been able to figure out how to perform an approach such as:
syslog device (rsyslog - linux client) -> SUF -> Splunk
Can someone point me in the right direction?
I apologize if this question has been answered before, but my google-fu isn't helping me.
Thank you.