Logstash with Splunk

vadimso · January 3, 2016, 11:57am

Hello All,
Is it possible to configure Logstash to send logs (windows event log ) to Splunk to get events after logstash parsing?
Tnx in advance

magnusbaeck · January 3, 2016, 9:10pm

Logstash can send processed events by a number of means, e.g. raw TCP or UDP, that I'm sure Splunk can monitor. I'd look into Logstash's list of output plugins and compare it to any similar list of possible inputs that Splunk has and try to find the best match.

Splunk also seems to be capable of reading Windows event logs directly—any reason you want to use Logstash as a middle man?

PandKing · May 8, 2017, 7:27pm

Has anyone else tried to get this working? I have beats going to logstash then ES but for some hosts I also need to send that data to SPLUNK.

Topic		Replies	Views
Parsing Windows Events Log using Logstash Logstash	1	264	August 13, 2019
Export logs by splunk to logstash servers Logstash	5	3320	July 6, 2017
How to send log to windows event by using logstash ELK? Logstash	1	324	April 3, 2018
Log Ingestion from Splunk Logstash	1	499	August 3, 2020
Logstash not able to send Event to Splunk HTTP Event Collector Logstash	5	1922	November 8, 2019

Logstash with Splunk

Related topics