https://community.splunk.com/t5/Getting-Data-In/Pushing-syslog-to-Splunk-indexer/m-p/576133#M101810 <P>Hi ,</P><P>A user is complaining that :</P><P>From hostname1, we are pushing the syslog to Splunk indexer server IP - 10.20.30.40 via Port 55XY,<BR />can you please check if anything needs to be done from Splunk end to see the data in Splunk.</P><P>Can anyone please me on this.</P><P>Regards,</P><P>Rahul</P> Wed, 24 Nov 2021 07:29:38 GMT rahul2gupta 2021-11-24T07:29:38Z https://community.splunk.com/t5/Getting-Data-In/Pushing-syslog-to-Splunk-indexer/m-p/576133#M101810 <P>Hi ,</P><P>A user is complaining that :</P><P>From hostname1, we are pushing the syslog to Splunk indexer server IP - 10.20.30.40 via Port 55XY,<BR />can you please check if anything needs to be done from Splunk end to see the data in Splunk.</P><P>Can anyone please me on this.</P><P>Regards,</P><P>Rahul</P> Wed, 24 Nov 2021 07:29:38 GMT https://community.splunk.com/t5/Getting-Data-In/Pushing-syslog-to-Splunk-indexer/m-p/576133#M101810 rahul2gupta 2021-11-24T07:29:38Z https://community.splunk.com/t5/Getting-Data-In/Pushing-syslog-to-Splunk-indexer/m-p/576135#M101811 <P>Don't push syslog directly to splunk indexer. At least not in production environment.</P><P>Use some intermediate syslog receiver (sc4s is quite popular for this, I myself am a huge fan of rsyslog) from which splunk ingests the data in other ways (HEC, files).</P> Wed, 24 Nov 2021 07:55:47 GMT https://community.splunk.com/t5/Getting-Data-In/Pushing-syslog-to-Splunk-indexer/m-p/576135#M101811 PickleRick 2021-11-24T07:55:47Z https://community.splunk.com/t5/Getting-Data-In/Pushing-syslog-to-Splunk-indexer/m-p/576152#M101815 <P>Thanks&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/231884">@PickleRick</a>&nbsp;for reply.</P><P><SPAN><EM>Use some intermediate syslog receiver (sc4s is quite popular for this, I myself am a huge fan of rsyslog) from which splunk ingests the data in other ways (HEC, files)</EM> -- <STRONG>How this can be achieved. Can you please provide us the step?</STRONG></SPAN></P><P><SPAN>Regards,</SPAN></P><P><SPAN>Rahul</SPAN></P> Wed, 24 Nov 2021 09:11:07 GMT https://community.splunk.com/t5/Getting-Data-In/Pushing-syslog-to-Splunk-indexer/m-p/576152#M101815 rahul2gupta 2021-11-24T09:11:07Z https://community.splunk.com/t5/Getting-Data-In/Pushing-syslog-to-Splunk-indexer/m-p/576173#M101817 <P><A href="https://lists.archive.carbon60.com/rsyslog/users/25542#25542" target="_blank">https://lists.archive.carbon60.com/rsyslog/users/25542#25542</A></P><P>(that's general idea for rsyslog but if you've never used it before, it may not be that straightforward)</P><P>or</P><P><A href="https://splunkbase.splunk.com/app/4740/" target="_blank">https://splunkbase.splunk.com/app/4740/</A></P> Wed, 24 Nov 2021 12:05:51 GMT https://community.splunk.com/t5/Getting-Data-In/Pushing-syslog-to-Splunk-indexer/m-p/576173#M101817 PickleRick 2021-11-24T12:05:51Z