<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Splunk 6.0 removing syslog priority fields in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-6-0-removing-syslog-priority-fields/m-p/123634#M25519</link>
    <description>&lt;P&gt;In 6 on Windows with the Universal Forwarder, it seems that the config files have moved to&lt;BR /&gt;
C:\splunkuniversalforwarder\etc\apps\splunk_ta_windows\local\inputs.conf&lt;/P&gt;

&lt;P&gt;This is the file I had to change to point the data to specific indexes.&lt;/P&gt;

&lt;P&gt;You may try a search for other inputs.conf and see if you have one in a similar location - depending on the path you chose for $Splunk_Home&lt;/P&gt;</description>
    <pubDate>Mon, 28 Sep 2020 15:09:25 GMT</pubDate>
    <dc:creator>rkirkw</dc:creator>
    <dc:date>2020-09-28T15:09:25Z</dc:date>
    <item>
      <title>Splunk 6.0 removing syslog priority fields</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-6-0-removing-syslog-priority-fields/m-p/123633#M25518</link>
      <description>&lt;P&gt;Dear sir&lt;/P&gt;

&lt;P&gt;I have read all information on the Splunk answers. but I couldnt find any solutionn for my situation. I am new in the world of splunk and splunk is running in test lab. I can forward syslog to splunkm but splunk remove priority fields from syslog. I have add the following code in the inpust.conf file and restart the splunk, but it didnt solved my problem.&lt;/P&gt;

&lt;P&gt;C:\Program Files\Splunk\etc\system\local\inputs.conf&lt;BR /&gt;
[udp://514]&lt;BR /&gt;
no_priority_stripping = true&lt;/P&gt;

&lt;P&gt;I tried also this location:&lt;BR /&gt;
C:\Program Files\Splunk\etc\apps\search\local\inputs.conf&lt;BR /&gt;
[udp://514]&lt;BR /&gt;
no_priority_stripping = true&lt;/P&gt;

&lt;P&gt;Would anyone please tell me if am i configuring in the worng place? &lt;BR /&gt;
If anyone can help me I would apprecaite that. &lt;BR /&gt;
thanks in advance&lt;/P&gt;

&lt;P&gt;Best Rrgards,&lt;/P&gt;

&lt;P&gt;Herat&lt;/P&gt;</description>
      <pubDate>Mon, 28 Sep 2020 15:09:22 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Splunk-6-0-removing-syslog-priority-fields/m-p/123633#M25518</guid>
      <dc:creator>herat420</dc:creator>
      <dc:date>2020-09-28T15:09:22Z</dc:date>
    </item>
    <item>
      <title>Re: Splunk 6.0 removing syslog priority fields</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-6-0-removing-syslog-priority-fields/m-p/123634#M25519</link>
      <description>&lt;P&gt;In 6 on Windows with the Universal Forwarder, it seems that the config files have moved to&lt;BR /&gt;
C:\splunkuniversalforwarder\etc\apps\splunk_ta_windows\local\inputs.conf&lt;/P&gt;

&lt;P&gt;This is the file I had to change to point the data to specific indexes.&lt;/P&gt;

&lt;P&gt;You may try a search for other inputs.conf and see if you have one in a similar location - depending on the path you chose for $Splunk_Home&lt;/P&gt;</description>
      <pubDate>Mon, 28 Sep 2020 15:09:25 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Splunk-6-0-removing-syslog-priority-fields/m-p/123634#M25519</guid>
      <dc:creator>rkirkw</dc:creator>
      <dc:date>2020-09-28T15:09:25Z</dc:date>
    </item>
  </channel>
</rss>

