Send logs to splunk from datapower

0
votes

I have a log target which send logs to splunk from datapower. In splunk logs I am not able to see the host name from which device that log came. Is there any settings at datapower end which we can correct to display the host name in splunk.

2
loggingsplunkibm-datapower
How do the logs get from Datapower to Splunk? Are you using syslog and a Splunk forwarder or sending directly to Splunk? - RichG
Here we are using a syslog log target - Vidisha

2 Answers

0
votes

There are multiple apps for getting logs into Splunk from DataPower

The first used a REST API, while the second uses syslog. Are you using one of these, or an alternate method?

IBM's datapower configuration can be found at https://www.ibm.com/support/knowledgecenter/SS9H2Y_7.5.0/com.ibm.dp.doc/logtarget_configuring.html

0
votes

I interpret the question as showing the host name of the DataPower instance in Splunk logs. DataPower will only give you the IP address per default as it doesn't "know" its host name in the network. You can set the Local Identifier parameter in the Log Target and it will be added to the log stream going to Splunk.