https://community.splunk.com/t5/Getting-Data-In/Where-is-the-default-sourcetype-for-udp-514-set/m-p/153506#M31199 <P>There is no default. You have to set up an UDP listener inside some <CODE>inputs.conf</CODE>. Try this search on your forwarder:</P> <PRE><CODE>cd $SPLUNK_HOME; find . -name inputs.conf -exec grep -il 514 {} \; </CODE></PRE> Tue, 04 Aug 2015 13:40:42 GMT woodcock 2015-08-04T13:40:42Z https://community.splunk.com/t5/Getting-Data-In/Where-is-the-default-sourcetype-for-udp-514-set/m-p/153505#M31198 <P>The sourcetype for udp514 is set to syslog. Where is this defined? Is it hard coded in Splunkd or is it defined in a file in <CODE>/opt/splunk</CODE>? If the latter, where is it defined?</P> <P>Thanks,</P> <P>Sean Coleman</P> Tue, 04 Aug 2015 06:00:05 GMT https://community.splunk.com/t5/Getting-Data-In/Where-is-the-default-sourcetype-for-udp-514-set/m-p/153505#M31198 coleman07 2015-08-04T06:00:05Z https://community.splunk.com/t5/Getting-Data-In/Where-is-the-default-sourcetype-for-udp-514-set/m-p/153506#M31199 <P>There is no default. You have to set up an UDP listener inside some <CODE>inputs.conf</CODE>. Try this search on your forwarder:</P> <PRE><CODE>cd $SPLUNK_HOME; find . -name inputs.conf -exec grep -il 514 {} \; </CODE></PRE> Tue, 04 Aug 2015 13:40:42 GMT https://community.splunk.com/t5/Getting-Data-In/Where-is-the-default-sourcetype-for-udp-514-set/m-p/153506#M31199 woodcock 2015-08-04T13:40:42Z https://community.splunk.com/t5/Getting-Data-In/Where-is-the-default-sourcetype-for-udp-514-set/m-p/153507#M31200 <P>or use btool and look at the location of your stanza udp:514</P> <PRE><CODE>./splunk cmd btool inputs list udp --debug </CODE></PRE> Tue, 04 Aug 2015 14:43:06 GMT https://community.splunk.com/t5/Getting-Data-In/Where-is-the-default-sourcetype-for-udp-514-set/m-p/153507#M31200 yannK 2015-08-04T14:43:06Z