https://community.splunk.com/t5/Security/Issue-getting-data-in/m-p/181351#M5397 <P>Hello,</P> <P>To add an input by directly editing inputs.conf, add a stanza for the input. You can add the stanza to the inputs.conf file in $SPLUNK_HOME/etc/system/local/, or in your own custom application directory (in $SPLUNK_HOME/etc/apps//local). If you have not worked with Splunk's configuration files before, read "About configuration files" before you begin.</P> <P>You configure the data input by adding attribute/value pairs to its stanza. You can set multiple attributes in an input stanza. If you do not specify a value for an attribute, Splunk Enterprise uses the default value that's preset in $SPLUNK_HOME/etc/system/default/inputs.conf.</P> <P>Here's a simple example of adding a network input. This configuration directs Splunk Enterprise to listen on TCP port 9995 for raw data from any remote server. The host of the data is set as the DNS name of the remote server. All data will also be assigned the source type "log4j" and the source "tcp:9995".</P> <PRE><CODE>[tcp://:9995] connection_host = dns sourcetype = log4j source = tcp:9995 </CODE></PRE> <P>For more information, visit:<BR /> <A href="http://docs.splunk.com/Documentation/Splunk/6.1.5/Indexer/Aboutindexesandindexers" target="_blank">http://docs.splunk.com/Documentation/Splunk/6.1.5/Indexer/Aboutindexesandindexers</A> </P> Mon, 28 Sep 2020 18:37:07 GMT Patient 2020-09-28T18:37:07Z https://community.splunk.com/t5/Security/Issue-getting-data-in/m-p/181349#M5395 <P>Hello,</P> <P>I have an issue when i try to get data in Splunk 6.2.1<BR /> I created /opt/splunk/system/local/inputs.conf but i receive no data.</P> <PRE><CODE>[udp://@ip:514] connection_host = ip index = firewall </CODE></PRE> <P>whereas when iadd data from the webUI, there are no issue.<BR /> I put only udp://514, i know this is not a connectivity problem.<BR /> None of my modifications in the config file are apply when i restart Splunk</P> <P>I really need help on this.</P> <P>Thank you </P> Mon, 12 Jan 2015 11:00:18 GMT https://community.splunk.com/t5/Security/Issue-getting-data-in/m-p/181349#M5395 ThomasLeroy 2015-01-12T11:00:18Z https://community.splunk.com/t5/Security/Issue-getting-data-in/m-p/181350#M5396 <P>Hi ThomasLeroy,</P> <P>adding an IP to this stanza, will not bind UDP input to this IP, but only accept traffic from this IP. <BR /> See the docs for more details on this <A href="http://docs.splunk.com/Documentation/Splunk/6.2.1/admin/inputsconf">http://docs.splunk.com/Documentation/Splunk/6.2.1/admin/inputsconf</A></P> <PRE><CODE>[udp://&lt;remote server&gt;:&lt;port&gt;] * If &lt;remote server&gt; is specified, the specified port will only accept data from that server. * If &lt;remote server&gt; is empty - [udp://&lt;port&gt;] - the port will accept data sent from any server. </CODE></PRE> <P>cheers, MuS</P> Mon, 12 Jan 2015 12:30:56 GMT https://community.splunk.com/t5/Security/Issue-getting-data-in/m-p/181350#M5396 MuS 2015-01-12T12:30:56Z https://community.splunk.com/t5/Security/Issue-getting-data-in/m-p/181351#M5397 <P>Hello,</P> <P>To add an input by directly editing inputs.conf, add a stanza for the input. You can add the stanza to the inputs.conf file in $SPLUNK_HOME/etc/system/local/, or in your own custom application directory (in $SPLUNK_HOME/etc/apps//local). If you have not worked with Splunk's configuration files before, read "About configuration files" before you begin.</P> <P>You configure the data input by adding attribute/value pairs to its stanza. You can set multiple attributes in an input stanza. If you do not specify a value for an attribute, Splunk Enterprise uses the default value that's preset in $SPLUNK_HOME/etc/system/default/inputs.conf.</P> <P>Here's a simple example of adding a network input. This configuration directs Splunk Enterprise to listen on TCP port 9995 for raw data from any remote server. The host of the data is set as the DNS name of the remote server. All data will also be assigned the source type "log4j" and the source "tcp:9995".</P> <PRE><CODE>[tcp://:9995] connection_host = dns sourcetype = log4j source = tcp:9995 </CODE></PRE> <P>For more information, visit:<BR /> <A href="http://docs.splunk.com/Documentation/Splunk/6.1.5/Indexer/Aboutindexesandindexers" target="_blank">http://docs.splunk.com/Documentation/Splunk/6.1.5/Indexer/Aboutindexesandindexers</A> </P> Mon, 28 Sep 2020 18:37:07 GMT https://community.splunk.com/t5/Security/Issue-getting-data-in/m-p/181351#M5397 Patient 2020-09-28T18:37:07Z