Refine your search:

How to add hosts?

0

I do not see in any of the manuals or Help how to add host servers. You label the targets as Host on the main page but a search does not return anything applicable.

asked 19 Mar '10, 16:28

Alan%20Bradley's gravatar image

Alan Bradley
8606734
accept rate: 100%

One Answer:
oldestnewestmost voted
1

Splunk is not able to blindly connect to a remote machine and collect system information. We require a user agent of some sort that will grant the necessary access. There are a number ways of that you can get data from remote systems into your Splunk instance.

  1. You can install a forwarding agent on each of the machines that you wish to collect data from that will send events to the central indexer. More information on data cloning and routing can be found here: http://www.splunk.com/doc/latest/admin/ForwardingReceiving
  2. You can configure syslog/syslog-ng to forward event data to a central Splunk index. You will then configure Splunk to listen on the specified UDP (syslog) or TCP (syslog-ng) port. More information on configuring Splunk to listen on a network port can be found here: http://www.splunk.com/doc/latest/admin/InputConfig#Networkports
  3. You can write a small script that collects the various files from your remote systems and feeds them into your index using our scripted input method. More information on scripted inputs can be found here: http://www.splunk.com/doc/latest/admin/Scripted%20Inputs
link

answered 19 Mar '10, 16:29

matt's gravatar image

matt ♦♦
3.1k2427
accept rate: 82%

Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×311
×98

Asked: 19 Mar '10, 16:28

Seen: 1,548 times

Last updated: 19 Mar '10, 16:29

Related questions

Search by host (all indexed data Hosts list)

how do I change a host when seeing multiple hosts?

Hosts appearing in host list with short and long names

Use host tags or another mechanism for provisioning granular data access controls on 1000s hosts?

Problem with Splunk for Nagios

*NIX - Ubuntu Hosts do not Show Up (How to Add?)

Searching for large groups of hosts (or any other field), i.e. host=box[100-200].domain.com

NIX app not listing my fowarded hosts in host list

How do I get the Hosts list in Search to not show syslog words as hosts?

Copyright © 2005-2012 Splunk, Inc. All rights reserved.