How to forward Aspera logs to Splunk

--Joseph Hansen



Splunk is a data analysis tool that allows you to search and analyze the logs of an application. Such tools can be very useful for the analysis of the logs for your Aspera products.

Once you have your Splunk instance up and running, you need to add a data source from which to collect the logs, namely the machine(s) on which your Aspera products are installed.

Follow the instructions below to add your Aspera logs as data sources to your Splunk system.


Before you start

These instructions assume that Aspera logging has been redirected to /var/log/aspera.log. For details on how to do this, see this Knowledge Base article.


1. On the machine with the Aspera product(s) installed, download the Splunk forwarding agent.

2. Install the Splunk forwarding agent. On Red Hat/CentOS systems you can use the following command:

# yum localinstall /path/to/forwarder


3. Create a symbolic link for the Splunk executable so you don't have to specify the full path each time you run it:

# ln -s /opt/splunkforwarder/bin/splunk /bin/splunk


4. Configure the Splunk details with the following commands. Replace admin_password with your Splunk admin user’s password, aspera_server_FQDN with the FQDN (fully qualified domain name) or IP address of the machine with Aspera software, splunk_FQDN_or_IP with the Splunk system’s FQDN or IP address and port with the port number used on the Splunk system:

# splunk start --accept-license
# splunk enable boot-start
# splunk edit user admin -password admin_password -auth admin:changeme
# splunk set servername aspera_server_FQDN
# splunk set default-hostname aspera_server_FQDN
# splunk add forward-server splunk_FQDN_or_IP:port
# splunk set deploy-poll splunk_FQDN_or_IP:port


5. Add the logs or log directories you want to forward to Splunk with the following command, specifying the location of the log file or directory:

# splunk add monitor path_to_log


Below are some examples of log files or directories you might choose to forward:

# splunk add monitor /var/log/aspera.log
# splunk add monitor /opt/aspera/faspex/log


Note: You may be prompted to provide credentials if you haven’t authenticated for a certain period of time. In this case use the password you set in the configuration above.
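
Once the steps above are done, it is worth confirming that the forwarder actually holds a connection to the Splunk system, because a forward-server that is configured but inactive leaves a silent gap in log collection. The script below is an added example, not part of the original article or of Splunk's tooling. It assumes `splunk list forward-server` prints the two headed sections shown in the constructed sample, and the host names are placeholders.

```shell
#!/bin/sh
# Added example: classify a forward-server from `splunk list forward-server` output.
# Assumption: the command prints two headed sections, as in SAMPLE_OUTPUT below.
# SAMPLE_OUTPUT is constructed for illustration; the host names are placeholders.

SAMPLE_OUTPUT='Active forwards:
    splunk.example.com:9997
Configured but inactive forwards:
    backup.example.com:9997'

# forward_state TARGET
# Reads the command output on stdin and prints one of: active | inactive | missing
forward_state() {
    local target="$1" section="" state="missing" line
    while IFS= read -r line; do
        case "$line" in
            "Active forwards:"*)                  section="active" ;;
            "Configured but inactive forwards:"*) section="inactive" ;;
            *)
                # Drop leading indentation, then keep only the first token (host:port)
                line="${line#"${line%%[![:space:]]*}"}"
                line="${line%%[[:space:]]*}"
                if [ -n "$section" ] && [ "$line" = "$target" ]; then
                    state="$section"
                fi
                ;;
        esac
    done
    printf '%s\n' "$state"
}

# Demonstration against the constructed sample
for t in splunk.example.com:9997 backup.example.com:9997 other.example.com:9997; do
    printf '%s -> %s\n' "$t" "$(printf '%s\n' "$SAMPLE_OUTPUT" | forward_state "$t")"
done

# On the forwarder host, with the value used in step 4:
#   splunk list forward-server | forward_state splunk_FQDN_or_IP:port
```

A result of `inactive` or `missing` means the logs added in step 5 are not reaching the Splunk system, so check the address and port from step 4 and the network path between the two machines.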
