Channel: Questions in topic: "universal-forwarder"

Automation using Splunk

I have a server which stores some logs. Every day new logs are added. So what I want is, every week, on a particular day (say Friday @ 12 AM), a script will be triggered which will forward these logs from the server to Splunk installed on a Windows PC. Then the analysis of these logs will begin automatically based on some predefined scenarios (say, for example, how many users are using the server per month, per week or per day). The search strings for these scenarios will already be stored in a database and I need to fetch those strings one by one and execute them. The reports generated for all these scenarios will then be mailed to some predefined mail ids. That's the thing which I am trying to achieve, in short. :D

Now the issues here are:

1. Is this thing even feasible considering that Splunk is not open source? :D
2. I tried to configure the Splunk Universal Forwarder but it did not work. I made the necessary changes in the inputs.conf and outputs.conf files, added the receiving indexer using the command (splunk add forward-server :9997) and also configured receiving options in Splunk Enterprise to listen on port 9997. Still no success. Did I miss anything?
3. Using the DB Connect app we can connect Splunk to a database and also fetch the search strings as well. But how do I ensure that the strings will be executed automatically one after the other?
4. How do I mail the reports generated for each scenario automatically to some predefined recipients?

I am a beginner in Splunk and need some assistance to get this done. Any help would be highly appreciated. Thanks :)
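The three pieces the question asks about (forwarder to indexer on 9997, a scheduled search, and e-mailing the result) can all be expressed in Splunk's own .conf files. The fragments below are an added illustration, not configuration from the original post; the host name `indexer.example.local`, the log path `/var/log/myapp`, the index `myapp`, the search name and the mail recipients are all assumptions chosen for the example, and the search itself is a placeholder for whatever the stored search string turns out to be.

```ini
; --- On the Universal Forwarder (the server holding the logs) ---
; $SPLUNK_HOME/etc/system/local/outputs.conf
; "splunk add forward-server <host>:9997" writes the same stanzas; the host part must not be empty.
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = indexer.example.local:9997      ; assumed host; must be reachable on TCP 9997 (check the Windows firewall)

; $SPLUNK_HOME/etc/system/local/inputs.conf
; Tail the log directory continuously; Splunk tracks what it has already read, so a weekly
; "push" script is not needed; the indexer sees new lines as they are written.
[monitor:///var/log/myapp]                ; assumed path
index = myapp
sourcetype = myapp_log
disabled = 0

; --- On the indexer (Splunk Enterprise on the Windows PC) ---
; $SPLUNK_HOME\etc\system\local\inputs.conf
; Equivalent to enabling receiving on 9997 in Settings > Forwarding and receiving.
[splunktcp://9997]
disabled = 0

; $SPLUNK_HOME\etc\apps\search\local\savedsearches.conf
; One scheduled search per scenario; each runs Friday 00:00 and mails its result table.
[weekly_users_per_day]
search = index=myapp earliest=-7d@d latest=@d | stats dc(user) AS users BY date_mday   ; placeholder search
cron_schedule = 0 0 * * 5
enableSched = 1
dispatch.earliest_time = -7d@d
dispatch.latest_time = @d
action.email = 1
action.email.to = reports@example.local   ; assumed recipients
action.email.subject = Weekly users per day
action.email.format = csv
action.email.sendresults = 1
```

Both Splunk instances need a restart (or `splunk reload` of the relevant config) after editing these files. Two checks that usually explain a "still no success" forwarder: on the forwarder, `splunk list forward-server` should list the indexer under "Active forwards" rather than "Configured but inactive forwards"; on the indexer, a search of `index=_internal host=<forwarder-host>` should return events, which proves the 9997 connection works even before the monitored log produces anything. For the e-mail action the indexer also needs an SMTP server set under Settings > Server settings > Email settings. Executing stored search strings "one after the other" maps onto one savedsearches.conf stanza per string, each with its own cron_schedule, rather than a single script looping over them.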
