Forward syslog stream using Splunk Forwarder

How can I forward syslog stream using Splunk Universal Forwarder?

I have a centos7 system, and I want to forward the stream eg. localx without having to write it to disk. Currently, I am only able to forward if I write the stream to disk and configure the forwarder to consume the file.

Solution

If you insist on using the UF then writing to disk is the way.

If you want to avoid writing to disk and are open to a non-UF solution, then consider Splunk Connect for Syslog (SC4S). It's a docker app that receives syslog streams and sends them to Splunk HEC inputs. See https://splunkbase.splunk.com/app/4740/ for more information.

Splunk query to find those final results that has events with unique combination of values of two keys in results of main search criteria
login-info.cfg Splunk file semantic and structure
Splunk SignalFX Synthetics: Is it possible to retrieve environment variable values in Javascript
Form a results table view from splunk multiple logs
Exclude unnecessary logs being sent to splunk cloud platform
How to Attach Splunk Search Results In JIra Via Terraform Automation?
Regex Substitue only on a specific group - sedcmd (Splunk)
Regex to only return matches when followed by a specific word
embeding conf files into helm chart
Splunk Logs for Faster Queries, with Category Boolean true
How to create a timechart in splunk for the timestamp and extracted field?
Match regex named group up until optional word
How can I access the TraceId generated by splunk-otel-collector within an ASP.NET web application?
Splunk result in Table format
Splunk: How to compute the difference of timestamps by id?
SPLUNK: How can I count events by location with a list of SERVERNAME's?
How to represent difference between same fields from two different and simultaneous searches in a table format in Splunk?
Java 11 HttpClient - POST issue
Flume sink to Splunk?
Questions related to splunk builtin macros in correlation search
how to send the local file using splunk forwarder docker image?
A table of counts of http status by URL
How do I use a specific date/time in Splunk dashboard with earliest and latest?
Splunk - Handling a blank token for a dashboard search
Splunk - Extracting from search results using regex and aggregates
Splunk - Grouping by distinct field with stats of another field
Trying to log to Splunk using logback appender
How can I download infinite results from a Splunk Search to Export the Data
Regex extraction from Right to Left
How to use Python via AWS Lambda to send millions (large quantities of data) of events to Splunk