Configuring Fluent-Bit to Support Splunk

You can configure Fluent-Bit to send logs to Splunk. This configuration is applicable only when you configure the local cluster as the as the Listener and the remote cluster in remote forwarding mode.

When you configure Fluent-Bit to support Splunk, the local logs are sent to Splunk using Fluent-Bit and the remote logs are sent to the fluent listener (Fluent-Bit). The Fluent-Bit in turn forwards the remote logs to Splunk.

To configure Fluent-Bit to support Splunk, use the following configuration:

configure 
   logging splunk listener enable 
   logging splunk listener external-ip external_vip_ip 
   logging splunk host splunk_host 
   logging splunk port splunk_port 
   logging splunk auth-token auth_token 

NOTES:

  • logging splunk listener enable —Enable Fluent-Bit to send logs to Splunk.

  • logging splunk listener external-ip external_vip_ip —Specify the external virtual IP address of the local cluster.

  • logging splunk host splunk_host —Specify the Splunk host information.

  • logging splunk port splunk_port—Specify the Splunk port information.

  • logging splunk auth-token auth_token—Specify the Splunk Authentication Token for the HTTP Event Collector interface.