
Cribl Leader Logs to Splunk

Sven Breier
Sven Breier Posts: 14

Hello everyone,

Is there a “best practise” way to collect internal and metrics logs from the Cribl Leader?
For workers, there is an existing Source called “Cribl Internal”.
Thank you

Answers

  • Jon Rust
    Jon Rust Posts: 475 mod

    Best rec right now is to install Edge on the Leader host and collect the logs using that. You can also opt for any of the other agents.

  • Sven Breier
    Sven Breier Posts: 14

    How to collect them? I can't put the Leader in a fleet to soak up the data.

  • Jon Rust
    Jon Rust Posts: 475 mod

    I believe you could join the Leader as a managed node. You could also install Edge and run it as a singleton. Access it on port 9420 and configure a file monitor on /opt/cribl/log.

  • Brendan Dalpe
    Brendan Dalpe Posts: 201 mod

    Another option is to use the agent you are familiar with like the Splunk UF or a FileBeat. Logs then get forwarded to your worker group.

    Another way would be to collect them using the REST API. A thread on Community Slack: Slack

  • Sven Breier
    Sven Breier Posts: 14

    Thank you guys, will try that.