Monitoring logs on a shared drive

Some customers configure all the servers to write their logs to a network share, NFS or otherwise. This setup can be made to work, but it is not ideal.

The advantages of this approach include:

  • A forwarder does not need to be installed on each server that writes its logs to the share.
  • Only the Splunk instance reading these logs needs rights to the logs.

The disadvantages of this approach include:

  • The network share can become overloaded and turn into a bottleneck.
  • If a single file has more than a few megabytes of unindexed data, the Splunk process will only read this one log until all the data is indexed. If there are multiple indexers in play, only one indexer will be receiving data from this forwarder. ...
