<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Splunk web app not receiving message from client in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-web-app-not-receiving-message-from-client/m-p/141587#M29003</link>
    <description>&lt;P&gt;There are multiple inputs.conf file under &lt;BR /&gt;
C:/\Program Files/\Splunk/\etc/\apps/\search/\local/\&lt;BR /&gt;
C:/\Program Files/\Splunk/\etc/\system/\local&lt;BR /&gt;
C:/\Program Files/\Splunk/\etc/\system/\default&lt;BR /&gt;
C:/\Program Files/\Splunk/\etc/\apps/\splunk_app_window and so on. &lt;/P&gt;

&lt;P&gt;Is there a guide which tells me which input.conf file needs to be changed ?&lt;/P&gt;</description>
    <pubDate>Mon, 28 Sep 2020 17:05:50 GMT</pubDate>
    <dc:creator>fortinet1</dc:creator>
    <dc:date>2020-09-28T17:05:50Z</dc:date>
    <item>
      <title>Splunk web app not receiving message from client</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-web-app-not-receiving-message-from-client/m-p/141583#M28999</link>
      <description>&lt;P&gt;Hi All,&lt;/P&gt;

&lt;P&gt;I am new to this splunk community and as such usage of splunk in general. I have a unit which is configured to send syslog to any server. For this purpose I have splunk web app running on a system (Windows 7). The netstat -b -a command shows splunkd and splunkweb running ( LISTENING):&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;TCP   0.0.0.0:514         abc-PC:0            LISTENING
[splunkd.exe]
TCP   0.0.0.0:8000         abc-PC:0            LISTENING
[splunkweb.exe]
TCP    0.0.0.0:8089         abc-PC:0            LISTENING
[splunkd.exe]
TCP     0.0.0.0:9997        abc-PC:0            LISTENING
[splunkd.exe]
....
...
UDP   0.0.0.0:515            *:*
[splunkd.exe]
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;The client which is sending the syslog server has IP: 192.168.1.99&lt;BR /&gt;
The system where my splunk web app (abc-PC) is running has IP: 192.168.0.99 ( both can ping each other)&lt;/P&gt;

&lt;P&gt;The client is configured to sent the syslog on port 514. But as you can see from the netstat output, splunk seems to be listening on 514 but log is empty. How to resolve or suggest some ways to proceed in debugging.  Also why do I see multiple splunkd.exe running. Is it normal? &lt;/P&gt;

&lt;P&gt;Hope to get some suggestions/feedback soon.&lt;/P&gt;

&lt;P&gt;THanks&lt;/P&gt;</description>
      <pubDate>Mon, 14 Jul 2014 16:20:27 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Splunk-web-app-not-receiving-message-from-client/m-p/141583#M28999</guid>
      <dc:creator>fortinet1</dc:creator>
      <dc:date>2014-07-14T16:20:27Z</dc:date>
    </item>
    <item>
      <title>Re: Splunk web app not receiving message from client</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-web-app-not-receiving-message-from-client/m-p/141584#M29000</link>
      <description>&lt;P&gt;Your netstat suggests that Splunk is listening on UDP port 515 instead of 514. Make sure your syslog sender and Splunk agree on the port number &lt;span class="lia-unicode-emoji" title=":slightly_smiling_face:"&gt;🙂&lt;/span&gt;&lt;BR /&gt;
Open your Splunk web interface, go to Settings -&amp;gt; Data Inputs -&amp;gt; UDP and tell us what you see.&lt;/P&gt;</description>
      <pubDate>Mon, 14 Jul 2014 22:03:32 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Splunk-web-app-not-receiving-message-from-client/m-p/141584#M29000</guid>
      <dc:creator>martin_mueller</dc:creator>
      <dc:date>2014-07-14T22:03:32Z</dc:date>
    </item>
    <item>
      <title>Re: Splunk web app not receiving message from client</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-web-app-not-receiving-message-from-client/m-p/141585#M29001</link>
      <description>&lt;P&gt;Yes, its been set, Where do I exactly check the logs sent by my syslog sender.&lt;/P&gt;</description>
      <pubDate>Tue, 15 Jul 2014 21:21:27 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Splunk-web-app-not-receiving-message-from-client/m-p/141585#M29001</guid>
      <dc:creator>fortinet1</dc:creator>
      <dc:date>2014-07-15T21:21:27Z</dc:date>
    </item>
    <item>
      <title>Re: Splunk web app not receiving message from client</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-web-app-not-receiving-message-from-client/m-p/141586#M29002</link>
      <description>&lt;P&gt;That depends on what you've set in the corresponding inputs.conf entry.&lt;/P&gt;</description>
      <pubDate>Tue, 15 Jul 2014 21:59:17 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Splunk-web-app-not-receiving-message-from-client/m-p/141586#M29002</guid>
      <dc:creator>martin_mueller</dc:creator>
      <dc:date>2014-07-15T21:59:17Z</dc:date>
    </item>
    <item>
      <title>Re: Splunk web app not receiving message from client</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-web-app-not-receiving-message-from-client/m-p/141587#M29003</link>
      <description>&lt;P&gt;There are multiple inputs.conf file under &lt;BR /&gt;
C:/\Program Files/\Splunk/\etc/\apps/\search/\local/\&lt;BR /&gt;
C:/\Program Files/\Splunk/\etc/\system/\local&lt;BR /&gt;
C:/\Program Files/\Splunk/\etc/\system/\default&lt;BR /&gt;
C:/\Program Files/\Splunk/\etc/\apps/\splunk_app_window and so on. &lt;/P&gt;

&lt;P&gt;Is there a guide which tells me which input.conf file needs to be changed ?&lt;/P&gt;</description>
      <pubDate>Mon, 28 Sep 2020 17:05:50 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Splunk-web-app-not-receiving-message-from-client/m-p/141587#M29003</guid>
      <dc:creator>fortinet1</dc:creator>
      <dc:date>2020-09-28T17:05:50Z</dc:date>
    </item>
    <item>
      <title>Re: Splunk web app not receiving message from client</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-web-app-not-receiving-message-from-client/m-p/141588#M29004</link>
      <description>&lt;P&gt;First you should read and understand this: &lt;A href="http://docs.splunk.com/Documentation/Splunk/6.1.2/Admin/Configurationfiledirectories"&gt;http://docs.splunk.com/Documentation/Splunk/6.1.2/Admin/Configurationfiledirectories&lt;/A&gt; - the surrounding pages don't hurt either.&lt;/P&gt;

&lt;P&gt;Where that UDP input is depends on where you've configured it to be. It'll certainly be in some &lt;CODE&gt;local&lt;/CODE&gt; directory, because &lt;CODE&gt;default&lt;/CODE&gt; isn't meant to be changed by the end user.&lt;BR /&gt;
You could check through all of them, or run this:&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;$SPLUNK_HOME/bin/splunk cmd btool --debug inputs list udp
&lt;/CODE&gt;&lt;/PRE&gt;</description>
      <pubDate>Wed, 16 Jul 2014 17:03:52 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Splunk-web-app-not-receiving-message-from-client/m-p/141588#M29004</guid>
      <dc:creator>martin_mueller</dc:creator>
      <dc:date>2014-07-16T17:03:52Z</dc:date>
    </item>
  </channel>
</rss>

