https://community.splunk.com/t5/Getting-Data-In/Should-each-device-sending-data-have-a-different-UDP-input-port/m-p/295135#M56067 <P>Hi julianosantos,</P> <P>Welcome to Splunk <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>To keep it simple: I would use a different port for each device. This way you can configure the sourcetypes in the Splunk UI.</P> <P>If some devices cannot send data to other ports than 514 you can use this approach <A href="https://answers.splunk.com/answers/438083/how-to-change-syslog-host-to-a-specific-sourcetype-1.html">https://answers.splunk.com/answers/438083/how-to-change-syslog-host-to-a-specific-sourcetype-1.html</A> or this one <A href="https://answers.splunk.com/answers/369375/how-do-i-set-different-source-types-on-one-data-in-1.html">https://answers.splunk.com/answers/369375/how-do-i-set-different-source-types-on-one-data-in-1.html</A></P> <P>Hope this helps ...</P> <P>cheers, MuS</P> Tue, 04 Jul 2017 21:14:33 GMT MuS 2017-07-04T21:14:33Z https://community.splunk.com/t5/Getting-Data-In/Should-each-device-sending-data-have-a-different-UDP-input-port/m-p/295134#M56066 <P>Hello!<BR /> I'm new and this is my first post here in the community.</P> <P>I did the Splunk installation with the purpose of testing for enterprise deployment.<BR /> We have several devices like Palo Alto, Juniper, Trend Micro and etc.<BR /> My question is as follows.<BR /> I created a UDP Input Data on port 514 for my Palo Alto device. I noticed that others also work on the same door.<BR /> When creating a new UDP Input Data with the same port, but with different source type, I can not.<BR /> Does each device have to be configured on a different port?<BR /> What is the recommendation? Following for each device a different port?</P> <P>Thank you,</P> Tue, 04 Jul 2017 20:20:22 GMT https://community.splunk.com/t5/Getting-Data-In/Should-each-device-sending-data-have-a-different-UDP-input-port/m-p/295134#M56066 julianosantos 2017-07-04T20:20:22Z https://community.splunk.com/t5/Getting-Data-In/Should-each-device-sending-data-have-a-different-UDP-input-port/m-p/295135#M56067 <P>Hi julianosantos,</P> <P>Welcome to Splunk <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>To keep it simple: I would use a different port for each device. This way you can configure the sourcetypes in the Splunk UI.</P> <P>If some devices cannot send data to other ports than 514 you can use this approach <A href="https://answers.splunk.com/answers/438083/how-to-change-syslog-host-to-a-specific-sourcetype-1.html">https://answers.splunk.com/answers/438083/how-to-change-syslog-host-to-a-specific-sourcetype-1.html</A> or this one <A href="https://answers.splunk.com/answers/369375/how-do-i-set-different-source-types-on-one-data-in-1.html">https://answers.splunk.com/answers/369375/how-do-i-set-different-source-types-on-one-data-in-1.html</A></P> <P>Hope this helps ...</P> <P>cheers, MuS</P> Tue, 04 Jul 2017 21:14:33 GMT https://community.splunk.com/t5/Getting-Data-In/Should-each-device-sending-data-have-a-different-UDP-input-port/m-p/295135#M56067 MuS 2017-07-04T21:14:33Z https://community.splunk.com/t5/Getting-Data-In/Should-each-device-sending-data-have-a-different-UDP-input-port/m-p/295136#M56068 <P>Use a different port for each device. You can use an IP filter in most syslog servers but it means that you have to constantly update this which is a MAJOR hassle. Also read this:</P> <P><A href="http://www.georgestarcher.com/splunk-success-with-syslog/">http://www.georgestarcher.com/splunk-success-with-syslog/</A></P> Tue, 04 Jul 2017 22:17:40 GMT https://community.splunk.com/t5/Getting-Data-In/Should-each-device-sending-data-have-a-different-UDP-input-port/m-p/295136#M56068 woodcock 2017-07-04T22:17:40Z