From a40218301160a97851e0b56f6a5f5bb2c8195e31 Mon Sep 17 00:00:00 2001 From: Ryan Faircloth <35384120+rfaircloth-splunk@users.noreply.github.com> Date: Thu, 10 Oct 2019 21:11:09 -0400 Subject: [PATCH] Feature/docsupdates (#134) * Fixes #116 * REMOVES CHANGELOG which is not maintained --- CHANGELOG | 6 ------ README.md | 46 ++++++++++++++++++---------------------------- docs/demo.md | 36 ++++++++++++++++++++++++++++++++++++ mkdocs.yml | 1 + 4 files changed, 55 insertions(+), 34 deletions(-) delete mode 100644 CHANGELOG create mode 100644 docs/demo.md diff --git a/CHANGELOG b/CHANGELOG deleted file mode 100644 index 4b84880..0000000 --- a/CHANGELOG +++ /dev/null @@ -1,6 +0,0 @@ -0.4.0 - - Add source support for Cisco NX - - Add source support for Symantec Proxy SG and ASG (Formerly bluecoat) - - Add support for mapping network source IP OR parsed host to specific vendor product where MSG parsing is impossible - - Code cleanup and simplification - - Begin using SEMVER for releases \ No newline at end of file diff --git a/README.md b/README.md index 9e4aa53..c7c8559 100644 --- a/README.md +++ b/README.md 
@@ -1,47 +1,37 @@ -# splunk-connect-for-syslog +# README Splunk Connect for Syslog is an open source packaged solution for getting data into Splunk using syslog-ng (OSE) and the Splunk HTTP event Collector. -# Use the demo +## Purpose -The Splunk Connect for syslog demo uses docker and docker compose -to configure a instance of Splunk along with syslog-ng and a test -harness to simulate a mix of events. Ensure git, docker and docker-compose -are pre-installed and working prior to continuing. +Splunk Connect for Syslog (SC4S) is a community project focused on reducing the pain of getting syslog data sources into Splunk. The primary pain points SC4S addresses include the following… +* Shortage of deep syslog expertise in the community +* Inconsistency between syslog server deployments creates a support challenge +* Data sources tagged with catch-all sourcetype “syslog” which limits Splunk analytics +* Uneven data distribution between Splunk indexers impacts search performance +* Splunk Connect for Syslog should be used by any Splunk customer needing to onboard data sources via syslog to Splunk. -- Clone the repository and cd into directory +## Usage -```bash -git clone git@github.com:splunk/splunk-connect-for-syslog.git -cd splunk-connect-for-syslog -``` +For full usage instructions, please visit the Splunk Connect for Syslog documentation page. -- Create a working .env file * Note for demo purposes this file does not need to be modified +## Support -```bash -cp .env.template .env -``` +Please use the GitHub issue tracker to submit bugs or request features. 
-- Update the splunkbase username and password in .env this allows the splunk container to install required add-ons for the demo +If you have questions or need support, you can: -- Start the demo environment +Post a question to Splunk Answers using the tag "Splunk Connect For Syslog" +Join the #splunk-connect-for-syslog room in the splunk-usergroups Slack Workspace -```bash -./demo-with-compose.sh -``` +## Contributing -- Login to splunk by browsing to http://127.0.0.1:8000 user name admin password "Changed@11" +We welcome feedback and contributions from the community! Please see our [contribution guidelines](CONTRIBUTING.md) for more information on how to get involved. -- Search the main index to see indexed events - -```spl -index = main -``` - -# License +## License Configuration and documentation licensed subject to [CC0](LICENSE-CC0) diff --git a/docs/demo.md b/docs/demo.md new file mode 100644 index 0000000..8d80112 --- /dev/null +++ b/docs/demo.md @@ -0,0 +1,36 @@ +# Use the demo + +The Splunk Connect for syslog demo uses docker and docker compose +to configure a instance of Splunk along with syslog-ng and a test +harness to simulate a mix of events. Ensure git, docker and docker-compose +are pre-installed and working prior to continuing. + + +- Clone the repository and cd into directory + +```bash +git clone git@github.com:splunk/splunk-connect-for-syslog.git +cd splunk-connect-for-syslog +``` + +- Create a working .env file * Note for demo purposes this file does not need to be modified + +```bash +cp .env.template .env +``` + +- Update the splunkbase username and password in .env this allows the splunk container to install required add-ons for the demo + +- Start the demo environment + +```bash +./demo-with-compose.sh +``` + +- Login to splunk by browsing to http://127.0.0.1:8000 user name admin password "Changed@11" + +- Search the main index to see indexed events + +```spl +index = * +``` 
diff --git a/mkdocs.yml b/mkdocs.yml index 3e07a94..cc7f4e8 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -4,6 +4,7 @@ nav: - Home: 'index.md' - Performance: 'performance.md' - Getting Started: 'gettingstarted.md' + - Demo Lab: 'demo.md' - Configuration: 'configuration.md' - Sources: 'sources.md' - Troubleshooting: 'troubleshooting.md'
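Review bot: on the CHANGELOG hunk, deleting the file drops the only in-repo record of the 0.4.0 changes (Cisco NX source support, Symantec ProxySG/ASG support, the source-IP/parsed-host to vendor-product mapping, and the move to SEMVER) without telling readers where release history now lives. The commit message says the file is not maintained, which is a fair reason to remove it, but replace it with a one-line pointer in README.md or the docs to wherever release notes are published (for example the GitHub releases page) rather than removing the history silently.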
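Review bot: on the README.md hunk, the last bullet under "The primary pain points SC4S addresses include the following…" ("Splunk Connect for Syslog should be used by any Splunk customer needing to onboard data sources via syslog to Splunk.") is a recommendation, not a pain point, and should be moved out of that list into its own sentence. Two formatting points in the same hunk: the "## Usage" text says to "visit the Splunk Connect for Syslog documentation page" but gives no link, and the two support options ("Post a question to Splunk Answers using the tag …" and "Join the #splunk-connect-for-syslog room …") are bare lines that Markdown will render as a single run-on paragraph; prefix each with `* ` like the bullets above. Finally, the H1 changed from "# splunk-connect-for-syslog" to "# README"; keeping the project name as the title is more useful to anyone landing on the repository.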
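Review bot: on the docs/demo.md hunk, the step "Create a working .env file * Note for demo purposes this file does not need to be modified" is contradicted two steps later by "Update the splunkbase username and password in .env"; drop the note or reword it to say the only required edit is the Splunkbase credentials. Because .env will then hold real Splunkbase credentials, the page should state that the file must never be committed (please confirm .env is listed in .gitignore). The login step publishes a fixed admin password ("Changed@11"); say explicitly that this is a demo-only credential and that Splunk should stay bound to http://127.0.0.1:8000 as written rather than being exposed on a routable interface. The final search was changed from the README's `index = main` to `index = *`; that is fine for a demo but worth a sentence if the harness now writes to indexes other than main. Lastly, the SSH clone URL `git@github.com:splunk/splunk-connect-for-syslog.git` requires a GitHub SSH key, so an HTTPS clone URL is friendlier for a demo audience.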
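Review bot: on the mkdocs.yml hunk, the new "Demo Lab: 'demo.md'" nav entry is correctly placed after Getting Started, but since the same patch removes the demo walkthrough from README.md, the README's "## Usage" section should link to this page so the demo remains discoverable from the repository landing page.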