https://community.splunk.com/t5/Getting-Data-In/forwarding-syslog-data-via-UDP-to-3rd-party-server-splunk-docs/m-p/53523#M10331 <P>Good day</P> <P>I have a question.</P> <P>Where i can find and edit this? </P> <P>1.)tranforms.conf<BR /> 2.)props.conf<BR /> 3.)outputs.conf</P> <P>i am using windows and have a splunk instance version version 4.3.4, build 136012</P> <P>thanks<BR /> Cris</P> Thu, 11 Oct 2012 10:14:55 GMT christantoy 2012-10-11T10:14:55Z https://community.splunk.com/t5/Getting-Data-In/forwarding-syslog-data-via-UDP-to-3rd-party-server-splunk-docs/m-p/53519#M10327 <P>I tried the following and it did not work - </P> <P><A href="http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Forwarddatatothird-partysystemsd" target="_blank">http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Forwarddatatothird-partysystemsd</A></P> <P>I have since been able to forward ALL data via UDP to the 3rd party system but have not been able to filter specific events. First I tried the following which did not work - </P> <P>props.conf</P> <P>[host::10.10.10.*]<BR /> TRANSFORMS-bna = send_to_syslog</P> <P>tranforms.conf</P> <P>[send_to_syslog]<BR /> DEST_KEY = _SYSLOG_ROUTING<BR /> REGEX=SYSMGR-6-SUBPROC_SUCCESS_EXIT<BR /> FORMAT = my_syslog_group</P> <P>(note that I tried this without the REGEX as well)</P> <P>outputs.conf</P> <P>[syslog:my_syslog_group]<BR /> server = 10.10.10.10:514</P> <P>I verified that the 3rd party system is receiving syslogs via UDP correctly through another mechanism. I also verified that the events I want are coming in from the proper IP with the proper string. If I just put the following in my outputs.conf I get ALL syslog events via UDP to the server but filtering is not working even with the props and transforms in place - </P> <P>[syslog]<BR /> defaultGroup = my_syslog_group</P> <P>[syslog:my_syslog_group]<BR /> disabled = false<BR /> server = 10.10.10.10:514</P> <P>Any ideas? This is from an indexer running 4.1.</P> Mon, 28 Sep 2020 10:19:43 GMT https://community.splunk.com/t5/Getting-Data-In/forwarding-syslog-data-via-UDP-to-3rd-party-server-splunk-docs/m-p/53519#M10327 jfraiberg 2020-09-28T10:19:43Z https://community.splunk.com/t5/Getting-Data-In/forwarding-syslog-data-via-UDP-to-3rd-party-server-splunk-docs/m-p/53520#M10328 <P>I am having the exact same issue. Anyone ever resolve this?</P> Mon, 06 Aug 2012 17:13:37 GMT https://community.splunk.com/t5/Getting-Data-In/forwarding-syslog-data-via-UDP-to-3rd-party-server-splunk-docs/m-p/53520#M10328 chadfermanxto 2012-08-06T17:13:37Z https://community.splunk.com/t5/Getting-Data-In/forwarding-syslog-data-via-UDP-to-3rd-party-server-splunk-docs/m-p/53521#M10329 <P>I opened a ticket and it ended up being a bug. I was forced to upgrade to the latest version, once I did that the configs worked. I could not get it to work by host however, only by source with regex.</P> Mon, 06 Aug 2012 17:19:16 GMT https://community.splunk.com/t5/Getting-Data-In/forwarding-syslog-data-via-UDP-to-3rd-party-server-splunk-docs/m-p/53521#M10329 jfraiberg 2012-08-06T17:19:16Z https://community.splunk.com/t5/Getting-Data-In/forwarding-syslog-data-via-UDP-to-3rd-party-server-splunk-docs/m-p/53522#M10330 <P>what version fixed the problem 4.3.4 or 4.3.3 ?</P> Tue, 09 Oct 2012 16:21:50 GMT https://community.splunk.com/t5/Getting-Data-In/forwarding-syslog-data-via-UDP-to-3rd-party-server-splunk-docs/m-p/53522#M10330 herterich 2012-10-09T16:21:50Z https://community.splunk.com/t5/Getting-Data-In/forwarding-syslog-data-via-UDP-to-3rd-party-server-splunk-docs/m-p/53523#M10331 <P>Good day</P> <P>I have a question.</P> <P>Where i can find and edit this? </P> <P>1.)tranforms.conf<BR /> 2.)props.conf<BR /> 3.)outputs.conf</P> <P>i am using windows and have a splunk instance version version 4.3.4, build 136012</P> <P>thanks<BR /> Cris</P> Thu, 11 Oct 2012 10:14:55 GMT https://community.splunk.com/t5/Getting-Data-In/forwarding-syslog-data-via-UDP-to-3rd-party-server-splunk-docs/m-p/53523#M10331 christantoy 2012-10-11T10:14:55Z https://community.splunk.com/t5/Getting-Data-In/forwarding-syslog-data-via-UDP-to-3rd-party-server-splunk-docs/m-p/53524#M10332 <P>3.3 fixed it</P> Thu, 11 Oct 2012 13:51:44 GMT https://community.splunk.com/t5/Getting-Data-In/forwarding-syslog-data-via-UDP-to-3rd-party-server-splunk-docs/m-p/53524#M10332 jfraiberg 2012-10-11T13:51:44Z