A new Splunk customer is using syslog to collect data from their network devices on port 514. What is the best practice for ingesting this data into Splunk?
The best practice for ingesting syslog data into Splunk is to configure syslog to write logs to files and then use a Splunk forwarder to collect and forward those logs to the Splunk indexers. This approach ensures reliable data ingestion and better handling of high volumes of data, as it allows the forwarder to manage data forwarding efficiently and offers better error handling and buffering capabilities.
Answer is: D
https://wiki.splunk.com/Community:BestPracticeForConfiguringSyslogInput
Answer D
Answer is D. Show Data Admin slide 147
D. Configure syslog to write logs and use a Splunk forwarder to collect the logs.