Configuring Rsyslog Data Input on Splunk Enterprise - cfloquetprojects/homelab GitHub Wiki

Pre-Flight Check:

A properly networked, patched, and updated CentOS 7 core box with Splunk and Rsyslog installed.

Rsyslog configured to receive and parse logs sent from client devices, writing them to /var/log/remote-syslog.

If Rsyslog has not been configured, or you are not seeing any results within /var/log/remote-syslog, please visit my wiki entry on Configuring a Centralized Logging Server with Rsyslog.

Add Data Inputs:

To add our rsyslog log folder to a Splunk index, we need to go to Settings -> Data Inputs -> Files and Directories, and choose New Local File and Directory:
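The web UI step above is equivalent to a monitor stanza in inputs.conf, and it is worth verifying the rsyslog drop directory before creating the input, since Splunk will happily monitor an empty or unreadable folder without complaint. The script below is an added example, not part of the original wiki or of the homelab project: it checks that /var/log/remote-syslog exists, is readable by the calling user, and already contains files, then prints the inputs.conf stanza. The index name remote_syslog is a placeholder of my choosing, and the optional host_segment argument assumes rsyslog writes one sub-folder per client host (the wiki does not state how the directory is laid out, so leave it off if yours is flat).

```shell
#!/bin/sh
# Added example, not from the wiki or the homelab project. Pre-flight check for
# the rsyslog drop directory plus the inputs.conf stanza equivalent to the
# Settings -> Data Inputs -> Files and Directories step in the Splunk web UI.
# Assumptions: logs land in /var/log/remote-syslog (from the wiki); the index
# name "remote_syslog" is a placeholder; host_segment is optional and assumes
# one sub-folder per client host under the drop directory.

# Return 0 when DIR exists, is readable by the current user, and holds at least
# one regular file. Run this as the user Splunk runs as, so a directory that
# rsyslog created as root but Splunk cannot read is caught before the input
# is configured.
check_remote_syslog_dir() {
    dir="$1"
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
    [ -r "$dir" ] || { echo "directory not readable by $(id -un): $dir" >&2; return 1; }
    if [ -z "$(find "$dir" -type f -print 2>/dev/null | head -n 1)" ]; then
        echo "no log files yet under $dir; check rsyslog before adding the input" >&2
        return 1
    fi
    return 0
}

# Print the inputs.conf stanza that monitors DIR into INDEX as sourcetype
# syslog. Splunk's monitor input recurses into subdirectories by default, so
# per-host folders created by an rsyslog template are picked up automatically.
# The optional third argument sets host_segment, the 1-based path segment
# whose name becomes the event host (for /var/log/remote-syslog/<host>/... that
# is segment 4).
render_inputs_stanza() {
    dir="$1"
    index="$2"
    segment="${3:-}"
    printf '[monitor://%s]\n' "$dir"
    printf 'disabled = false\n'
    printf 'index = %s\n' "$index"
    printf 'sourcetype = syslog\n'
    if [ -n "$segment" ]; then
        printf 'host_segment = %s\n' "$segment"
    fi
    return 0
}

# Usage: sh preflight.sh --check [DIR] [INDEX] [HOST_SEGMENT]
if [ "${1:-}" = "--check" ]; then
    dir="${2:-/var/log/remote-syslog}"
    index="${3:-remote_syslog}"
    if check_remote_syslog_dir "$dir"; then
        echo "# $dir looks ready; add this stanza to inputs.conf:" >&2
        render_inputs_stanza "$dir" "$index" "${4:-}"
    else
        exit 1
    fi
fi
```

Run it as the splunk user (for example `sudo -u splunk sh preflight.sh --check`) and, if the check passes, place the printed stanza in $SPLUNK_HOME/etc/system/local/inputs.conf (or an app's local/inputs.conf) and restart Splunk; the readability check is the one that most often fails in practice, because rsyslog writes the files as root while Splunk runs as an unprivileged user.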