I am currently deploying Splunk (a widely used reporting and analytics tool) for a customer. Splunk is used to collect logs from a variety of sources, commonly switches, firewalls, routers, or platforms like Moodle, all types of operating systems, and many others.
This customer requires Moodle logs sent to Splunk. While I was trying to find online resources for this, I came across a Moodle plug-in called Splunk logstore.
I have installed this plug-in in a test environment on a Moodle site, along with a separate Splunk instance on the same machine.
I have left all values at their defaults except the Splunk port, which I have changed to 514, as normally all logs are sent to the syslog server (Splunk) on UDP port 514. I have tried with the default port as well. However, I was unable to receive logs on Splunk with those settings.
If anyone has worked on this successfully, could you please share your solution?
The only way to troubleshoot this plug-in is by checking whether logs are getting collected on Splunk. I am not familiar enough with the Moodle admin interface to debug issues in Moodle.
Additional info:
Moodle version: 3.3.2+
Splunk version: 7.0.0