Hello,How can I get notifications.log from the Leader Node, and forward them to Splunk?
Question
How can I get notifications.log from the Leader Node, and forward them to Splunk?
Install a Splunk UF on the leader or install a Cribl Edge agent on the leader - one of those can forward the leader's logs on
So there is no way to forward it with the help of the Leader?There would be an option to send it from workers via Splunk HEC though. But trying to see if Cribl Leader is of any help in this matter
Edge is preferred, of course :slightly_smiling_face:
Leaders don't transport data
you can query the API
using REST Collector
Worker -> REST call to Leader -> send results
no. REST Collections are coordinated by ... the leader
One solution is to create a REST API CollectorCollect URL = `http://leader:9000/api/v1/system/logs/notifications.log`And in the Authentication use the ' Login ' option to obtain the bearer tokenAt that point you can forward the data to Splunk
Sign up
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.