setting up a Cribl journald data source for journal logs on remote machine

You're trying to read the Journal files remotely?

yes, I want to get remote journald logs. What's the optimal ways to do this? Is Cribl syslog data source an option too? Thanks.

We don't support Journald remote today, so syslog to Cribl Stream would be the best way unless you want to install the Edge agent on the Linux machine.

Edge can collect logs from journald files on the local host so you'd need to mount them somehow for that to work. You may be able to have systemd/journald send logs to a syslog interface on a Stream/Edge node. Not entirely sure I'm following the question though.

Thanks. So I cannot use Cribl Journald data source since it is not supported. As Paul mentioned, can I configure journald to forward to socket, then configure syslog-ng to listen on that socket, then forward to Cribl syslog data source?