https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60012#M11879 <P>Link updated <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Mon, 16 Oct 2017 00:35:05 GMT MuS 2017-10-16T00:35:05Z https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60006#M11873 <P>Hi! I've followed this guide to forward syslogs from ESX 4.0 U2 (<A href="http://www.splunk.com/wiki/Community:VMwareESXSyslog">http://www.splunk.com/wiki/Community:VMwareESXSyslog</A>). But I'm not seeing logs appear on my Splunk server. What steps can I take to troubleshoot this? There's no firewall between the ESX hosts and the Splunk server. Splunk is running on a VM, but that shouldn't be a problem, I'm guessing?</P> Thu, 18 Aug 2011 08:21:54 GMT https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60006#M11873 BlightMan 2011-08-18T08:21:54Z https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60007#M11874 <P>Hi BlightMan</P> <P>recently I did the same, followed this <A href="http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports">doc</A> and it worked like a charm.</P> <P>regards</P> Thu, 18 Aug 2011 08:41:56 GMT https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60007#M11874 MuS 2011-08-18T08:41:56Z https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60008#M11875 <P>I fixed the issue. There was a typo in the Spunk Syslog Wiki - there was an extra : on the end of one of the lines. I've updated the wiki so the command is correct.</P> Tue, 25 Oct 2011 15:57:11 GMT https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60008#M11875 BlightMan 2011-10-25T15:57:11Z https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60009#M11876 <P>I fixed the issue. There was a typo in the Spunk Syslog Wiki - there was an extra : on the end of one of the lines. I've updated the wiki so the command is correct.</P> Tue, 25 Oct 2011 15:57:12 GMT https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60009#M11876 BlightMan 2011-10-25T15:57:12Z https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60010#M11877 <P>Hi @MuS,</P> <P>that link takes to the splunk documentation page.</P> <P>Can you please post the updated link ?</P> <P>Thanks,<BR /> Deven</P> Mon, 16 Oct 2017 00:12:13 GMT https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60010#M11877 damode 2017-10-16T00:12:13Z https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60011#M11878 <P>Hi @BlightMan,</P> <P>This extra ":" you mentioned, was it under the "Set the timezone" section of that page <A href="http://wiki.splunk.com/Community:VMwareESXSyslog">http://wiki.splunk.com/Community:VMwareESXSyslog</A> ?</P> Mon, 16 Oct 2017 00:14:17 GMT https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60011#M11878 damode 2017-10-16T00:14:17Z https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60012#M11879 <P>Link updated <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Mon, 16 Oct 2017 00:35:05 GMT https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60012#M11879 MuS 2017-10-16T00:35:05Z https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60013#M11880 <P>Thanks! @MuS</P> Mon, 16 Oct 2017 05:05:11 GMT https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60013#M11880 damode 2017-10-16T05:05:11Z https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60014#M11881 <P>Hi @MuS,</P> <P>I have to set the timezone as stated in the <A href="http://wiki.splunk.com/Community:VMwareESXSyslog">http://wiki.splunk.com/Community:VMwareESXSyslog</A> doc by using below syntax, <BR /> [host::myesx.splunk.com]<BR /> TZ=UTC</P> <P>if I have 8 hosts that are named such as, <BR /> cd.esx1.mail.....cd.esx6.mail and cd.svm1.mail...cd.svm3.mail</P> <P>Can I use the below syntax ?<BR /> [host::cd.esx*]<BR /> TZ=UTC</P> <P>[host::cd.svm*]<BR /> TZ=UTC</P> <P>If not, could you please suggest me the most correct way to use the above syntax ?</P> Mon, 16 Oct 2017 07:04:12 GMT https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60014#M11881 damode 2017-10-16T07:04:12Z https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60015#M11882 <P>I haven't done it on host yet. Usually I use sourcetype to do such things - so I cannot not really tell if this will work or not sorry ....</P> Mon, 16 Oct 2017 20:21:06 GMT https://community.splunk.com/t5/Getting-Data-In/Forwarding-syslogs-from-ESX/m-p/60015#M11882 MuS 2017-10-16T20:21:06Z