https://community.splunk.com/t5/Getting-Data-In/Problem-with-Syslog/m-p/23201#M96554 <P>Hi everyone!<BR /><BR /> I'm posting here because I have a problem with Splunk:<BR /><BR /> I've got an application (The Grinder) which generate a lot of datas in some csv-files. This application is able, thanks to a file named "logback-worker.xml", to forward via the syslog protocol those datas.<BR /><BR /> So, I tried this:<BR /><BR /> I configured the "logback-worker.xml" file in order to forward the datas to an instance of the universal forwarder of splunk, to the port 7777. Then, on Splunk, I created a receiver to listen on port 9997. The idea is to receive datas on port 7777 and to forward it to the port 9997.<BR /><BR /> So, my question is: is there any special configuration I have to do with the inputs and outputs files?<BR /><BR /> I precise that I want to use TCP, not UDP. <BR /> Thanks in advance. </P> Thu, 07 Feb 2013 15:42:01 GMT nugetchar 2013-02-07T15:42:01Z https://community.splunk.com/t5/Getting-Data-In/Problem-with-Syslog/m-p/23201#M96554 <P>Hi everyone!<BR /><BR /> I'm posting here because I have a problem with Splunk:<BR /><BR /> I've got an application (The Grinder) which generate a lot of datas in some csv-files. This application is able, thanks to a file named "logback-worker.xml", to forward via the syslog protocol those datas.<BR /><BR /> So, I tried this:<BR /><BR /> I configured the "logback-worker.xml" file in order to forward the datas to an instance of the universal forwarder of splunk, to the port 7777. Then, on Splunk, I created a receiver to listen on port 9997. The idea is to receive datas on port 7777 and to forward it to the port 9997.<BR /><BR /> So, my question is: is there any special configuration I have to do with the inputs and outputs files?<BR /><BR /> I precise that I want to use TCP, not UDP. <BR /> Thanks in advance. </P> Thu, 07 Feb 2013 15:42:01 GMT https://community.splunk.com/t5/Getting-Data-In/Problem-with-Syslog/m-p/23201#M96554 nugetchar 2013-02-07T15:42:01Z https://community.splunk.com/t5/Getting-Data-In/Problem-with-Syslog/m-p/23202#M96555 <P>Stock universal forwarders cannot listen to remote inputs like TCP / UDP / SplunkTCP (the splunk to splunk protocol).<BR /> they can only send to the indexer on splunktcp.</P> <UL> <LI>why do not send the syslog data directly to your indexer (on a tcp port)</LI> <LI>a classic solution is to have a syslog server on the box writing to file, and have the forwarder monitor the files (it acts as a persistent buffer)</LI> <LI>otherwise, you can tweak the universal forwarder to accept tcp data, see <A href="http://splunk-base.splunk.com/answers/2966/can-a-light-forwarder-forward-on-udpsyslog-data">http://splunk-base.splunk.com/answers/2966/can-a-light-forwarder-forward-on-udpsyslog-data</A></LI> </UL> <P>FYI a tcp input is in inputs.conf and looks like <BR /> [tcp://7777]<BR /> sourcetype=syslog</P> Thu, 07 Feb 2013 15:54:21 GMT https://community.splunk.com/t5/Getting-Data-In/Problem-with-Syslog/m-p/23202#M96555 yannK 2013-02-07T15:54:21Z https://community.splunk.com/t5/Getting-Data-In/Problem-with-Syslog/m-p/23203#M96556 <P>Thanks, I finally found a way to do what I wanted to do <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 11 Feb 2013 15:00:50 GMT https://community.splunk.com/t5/Getting-Data-In/Problem-with-Syslog/m-p/23203#M96556 nugetchar 2013-02-11T15:00:50Z