Admin Manual

 



ftp, rcp, scp, sftp

This documentation does not apply to the most recent version of Splunk.


Push method

Set up a cron job on your remote host(s) to copy files to your Splunk host. Don't copy files that are still open for writing, such as /var/log/syslog: the transfer process may skip or duplicate events in the file. To transfer still-open files to the Splunk server, see the section on using rsync.


For rotating log files, the most elegant solution is to modify your logrotate script to copy the file as part of the rotation.


Pull method

For security reasons, you may want to forbid remote hosts from pushing files. The most elegant solution is to modify your logrotate script on the remote host to assign a permanent and unique filename to each rotated log file. Then set up a cron job to pull the files onto your Splunk host.
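A sketch of the pull side, added here as an example and not taken from Splunk's documentation. It assumes rotated files are named `name-YYYYMMDD` (for instance via logrotate's `dateext` option); the host, directories and key path are hypothetical. File names reported by the remote host are validated before they are used in local paths.

```shell
#!/bin/sh
# Pull-method sketch for the Splunk host. Assumed names (not from the manual):
# REMOTE, REMOTE_DIR, LOCAL_DIR, KEY, and rotated files named like
# "messages-20240101" (e.g. produced by logrotate's "dateext" option).
REMOTE="${REMOTE:-logpull@remote.example.com}"
REMOTE_DIR="${REMOTE_DIR:-/var/log/archive}"
LOCAL_DIR="${LOCAL_DIR:-/opt/splunk-incoming}"
KEY="${KEY:-/etc/splunk-pull/id_ed25519}"

# Read candidate file names on stdin, print those that are safe to fetch
# and not yet present in directory $1.
select_new_files() {
    dest=$1
    while IFS= read -r name; do
        case $name in
            ''|.*|*/*|*[!A-Za-z0-9._-]*) continue ;;   # empty, hidden, path, odd chars
        esac
        case $name in
            *-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;  # rotated: name-YYYYMMDD
            *) continue ;;                                   # live file, still open
        esac
        [ -e "$dest/$name" ] && continue                     # already pulled
        printf '%s\n' "$name"
    done
}

# List the remote directory, then copy each new rotated file.
pull_rotated() {
    ssh -i "$KEY" -o BatchMode=yes "$REMOTE" "ls -1 '$REMOTE_DIR'" |
    select_new_files "$LOCAL_DIR" |
    while IFS= read -r f; do
        # Copy under a temporary name, then rename, so a partially
        # copied file never appears under its final name.
        scp -q -i "$KEY" -o BatchMode=yes "$REMOTE:$REMOTE_DIR/$f" "$LOCAL_DIR/.$f.part" &&
            mv "$LOCAL_DIR/.$f.part" "$LOCAL_DIR/$f"
    done
}

# Run from cron as: pull-logs.sh --run
if [ "${1:-}" = "--run" ]; then
    pull_rotated
fi
```

Because each rotated file keeps one permanent name, a file already present in the local directory is never fetched twice, and the live log is never copied while open.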



This documentation applies to the following versions of Splunk: 2.1, 2.2, 2.2.1, 2.2.3, 2.2.6.

