Configuring Log Collection to Work With Splunk
You can configure log collection to send log data to the Splunk server. Use the following flags along with the configure command for this purpose:
--splunk-host: The URL that points to the server where Splunk is installed.
--splunk-port: The port on which Splunk listens.
--splunk-token: The HTTP Event Collector (HEC) token, which can be configured by following the instructions in the Set up and use HTTP Event Collector in Splunk Web topic.
To configure log collection:
1. Establish a new SSH/Shell session.
2. Configure Anyware Connector to use the Splunk server for log collection by running the following command:
   /usr/local/bin/anyware-connector configure --splunk-host <URL to the Splunk host> --splunk-port <port number> --splunk-token <HEC token>
   An example command looks like this:
   /usr/local/bin/anyware-connector configure --splunk-host splunkhost.com --splunk-port 8088 --splunk-token splunk-token
Once configured, logs will be forwarded to the Splunk server. You can search for the logs using the Splunk search interface. For more information, see the Splunk documentation.
Note: Disabling this Feature
To disable this feature, run the configure command described in step 2 with one or all of the flags set to empty values. Empty values are denoted by empty quotation marks ("").
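The following wrapper is an added example, not part of the Anyware Connector product or its documentation: it wraps the configure command from step 2 and the disable form from the note above, validating the port, checking that the HEC listener answers on Splunk's standard /services/collector/health endpoint before the connector is pointed at it, and passing all three flags as empty quotation marks to disable. The binary path and flag names are the ones shown on this page; the DRY_RUN variable and function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example; assumes the connector path and flags shown in the docs.
CONNECTOR=/usr/local/bin/anyware-connector

# Render the configure command line for display (the same three flags
# as step 2; all three empty is the disable form described in the note).
build_splunk_configure() {
  printf '%s configure --splunk-host "%s" --splunk-port "%s" --splunk-token "%s"\n' \
    "$CONNECTOR" "$1" "$2" "$3"
}

# Accept only a decimal port in 1..65535 (HEC listens on 8088 by default).
valid_port() {
  case $1 in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Preflight: HEC's health endpoint needs no token; a wrong token only
# surfaces later as HTTP 403 on /services/collector/event.
hec_reachable() {
  curl -sS --max-time 5 -o /dev/null -w '%{http_code}' \
    "https://$1:$2/services/collector/health" 2>/dev/null | grep -q '^200$'
}

# Usage: configure_splunk HOST PORT TOKEN   (all empty = disable)
# DRY_RUN=1 prints the command instead of running the connector.
configure_splunk() {
  host=$1; port=$2; token=$3
  if [ -n "$host$port$token" ]; then
    if [ -z "$host" ] || [ -z "$token" ] || ! valid_port "$port"; then
      echo "need host, numeric port and token (or all empty to disable)" >&2
      return 2
    fi
    hec_reachable "$host" "$port" ||
      echo "warning: HEC health endpoint not reachable at $host:$port" >&2
  fi
  if [ "${DRY_RUN:-0}" = 1 ]; then
    build_splunk_configure "$host" "$port" "$token"
  else
    # Pass arguments directly rather than via eval so token characters stay literal.
    "$CONNECTOR" configure --splunk-host "$host" --splunk-port "$port" --splunk-token "$token"
  fi
}
```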