https://community.splunk.com/t5/Getting-Data-In/How-to-Forward-Data-from-Splunk-Enterprise-to-TCP-Syslog-Server/m-p/656217#M111150 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/260129">@jamaluddin-k</a>,</P><P>as you can see in the following question (<A href="https://community.splunk.com/t5/Getting-Data-In/send-a-subset-of-logs-via-syslog-to-a-Third-Party-and-all-logs/m-p/506184" target="_blank">https://community.splunk.com/t5/Getting-Data-In/send-a-subset-of-logs-via-syslog-to-a-Third-Party-and-all-logs/m-p/506184</A>) I had the same problem and I solved&nbsp;&nbsp;<SPAN>adding in inputs.conf _TCP_ROUTING to all the sourcetypes and _SYSLOG_ROUTING to the three ones to send to syslog.</SPAN></P><P><SPAN>Ciao.</SPAN></P><P><SPAN>Giuseppe</SPAN></P> Thu, 31 Aug 2023 09:31:57 GMT gcusello 2023-08-31T09:31:57Z https://community.splunk.com/t5/Getting-Data-In/How-to-Forward-Data-from-Splunk-Enterprise-to-TCP-Syslog-Server/m-p/656093#M111132 <P>Hi,</P> <P>I have a simple TCP syslog server in the same network where I have setup my Splunk Enterprise platform 9.10. I am trying to forward the data polled into Splunk Enterprise by Add-On apps to the TCP Syslog Server. But even after configuring it from settings&gt; Forwarding and Receiving, I am getting error like connection Timed out.</P> <P>Can anyone suggest what is being missed or needs to be looked into here.</P> <P>Thank you</P> Wed, 30 Aug 2023 16:29:47 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-Forward-Data-from-Splunk-Enterprise-to-TCP-Syslog-Server/m-p/656093#M111132 jamaluddin-k 2023-08-30T16:29:47Z https://community.splunk.com/t5/Getting-Data-In/How-to-Forward-Data-from-Splunk-Enterprise-to-TCP-Syslog-Server/m-p/656165#M111143 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/260129">@jamaluddin-k</a>,</P><P>forwarding data from GUI is a feature to send logs to another Splunk instance not to a syslog server.</P><P>If you want to send logs to a syslog server, you have to follow the instructions at&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/9.1.1/Forwarding/Forwarddatatothird-partysystemsd#Syslog_data" target="_blank">https://docs.splunk.com/Documentation/Splunk/9.1.1/Forwarding/Forwarddatatothird-partysystemsd#Syslog_data</A></P><P>Ciao.</P><P>Giuseppe</P> Wed, 30 Aug 2023 22:41:27 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-Forward-Data-from-Splunk-Enterprise-to-TCP-Syslog-Server/m-p/656165#M111143 gcusello 2023-08-30T22:41:27Z https://community.splunk.com/t5/Getting-Data-In/How-to-Forward-Data-from-Splunk-Enterprise-to-TCP-Syslog-Server/m-p/656216#M111149 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;,</P><P>I see, That was a big gap on my end. But I also already had tried the Syslog Forwarding section on the URL you shared. I was not able to receive any data at the syslog server.</P><P>My output.conf file is as simple as below.</P><P>&nbsp;</P><LI-CODE lang="markup">[syslog] defaultGroup=syslogGroup [syslog:syslogGroup] server = 192.168.6.158:514</LI-CODE><P>&nbsp;</P><P>I initially felt that the syslog server configuration might have some issue or maybe network, but no I was able to send TCP message to the syslog server from the Splunk Enterprise VM Instance. Only the data from Splunk is not getting forwarded.</P><P>Both the Sysylog Server VM and Splunk Enterprise VM are in the same network.</P><P>Just curious, is the defaultGroup parameter got to do something here?</P><P>&nbsp;</P><P>Thanks for your help.</P> Thu, 31 Aug 2023 09:29:33 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-Forward-Data-from-Splunk-Enterprise-to-TCP-Syslog-Server/m-p/656216#M111149 jamaluddin-k 2023-08-31T09:29:33Z https://community.splunk.com/t5/Getting-Data-In/How-to-Forward-Data-from-Splunk-Enterprise-to-TCP-Syslog-Server/m-p/656217#M111150 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/260129">@jamaluddin-k</a>,</P><P>as you can see in the following question (<A href="https://community.splunk.com/t5/Getting-Data-In/send-a-subset-of-logs-via-syslog-to-a-Third-Party-and-all-logs/m-p/506184" target="_blank">https://community.splunk.com/t5/Getting-Data-In/send-a-subset-of-logs-via-syslog-to-a-Third-Party-and-all-logs/m-p/506184</A>) I had the same problem and I solved&nbsp;&nbsp;<SPAN>adding in inputs.conf _TCP_ROUTING to all the sourcetypes and _SYSLOG_ROUTING to the three ones to send to syslog.</SPAN></P><P><SPAN>Ciao.</SPAN></P><P><SPAN>Giuseppe</SPAN></P> Thu, 31 Aug 2023 09:31:57 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-Forward-Data-from-Splunk-Enterprise-to-TCP-Syslog-Server/m-p/656217#M111150 gcusello 2023-08-31T09:31:57Z https://community.splunk.com/t5/Getting-Data-In/How-to-Forward-Data-from-Splunk-Enterprise-to-TCP-Syslog-Server/m-p/656248#M111158 <P>Thanks&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;<BR />I was able to fix the issue. Apart from the fact that 3rd part needs syslog forwarding as you mentioned, the issue was the default protocol. Splunk has it as UDP.</P><P>Thanks</P> Thu, 31 Aug 2023 11:13:45 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-Forward-Data-from-Splunk-Enterprise-to-TCP-Syslog-Server/m-p/656248#M111158 jamaluddin-k 2023-08-31T11:13:45Z