I am forwarding NetApp ONTAP syslog to my indexer machine via UDP 5146. On Splunk Web, under Data Inputs, I can see the port is enabled.
I tried using the CLI as well as the conf file to configure listening on UDP 5146.
CLI command (using user Splunk):
/opt/splunk/bin/splunk add udp 5146 -sourcetype ontap:syslog -index ontap
Listening for UDP input on port 5146.
inputs.conf
(location: $SPLUNKHOME$/etc/apps/search/local/inputs.conf OR $SPLUNKHOME$/etc/slave-apps/_cluster/local/inputs.conf):
[udp://5146]
connection_host = ip
index = ontap
sourcetype = ontap:syslog
My indexer machine is part of an indexer cluster.
In splunkd.log I am seeing the below error related to UDP:
ERROR UDPInputProcessor - Error binding to socket in UDPInputProcessor: Permission denied
Please suggest a solution for this problem.
Check SELinux:
grep "denied" /var/log/audit/audit.log
Did you check whether SELinux is enabled or misconfigured?
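The SELinux check suggested above, narrowed to bind denials on the input port, as an added example that is not part of the original thread. The audit records are constructed samples, and `example_t` is a placeholder domain, not a label taken from this system or from Splunk.

```shell
#!/bin/sh
# Added example: list SELinux AVC "name_bind" denials for one port.

# Constructed sample audit records (not real logs); example_t is a placeholder.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1500000000.101:410): avc:  denied  { name_bind } for  pid=2211 comm="splunkd" src=5146 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket permissive=0
type=AVC msg=audit(1500000002.007:411): avc:  denied  { read } for  pid=3120 comm="cat" name="shadow" dev="dm-0" ino=9 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1500000005.550:412): avc:  denied  { name_bind } for  pid=2290 comm="splunkd" src=9997 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1500000000.101:410): arch=c000003e syscall=49 success=no exit=-13 comm="splunkd" exe="/opt/splunk/bin/splunkd"
EOF
}

# bind_denials PORT  (audit records on stdin)
# Prints one summary line per AVC name_bind denial whose src= equals PORT.
# permissive=0 means the denial was enforced; permissive=1 means logged only.
bind_denials() {
    awk -v port="$1" '
    $1 == "type=AVC" && / denied / && / name_bind / {
        split("", f)                       # reset the key=value map per record
        for (i = 2; i <= NF; i++) {
            n = index($i, "=")
            if (n > 1) {
                v = substr($i, n + 1)
                gsub(/"/, "", v)           # comm="splunkd" -> splunkd
                f[substr($i, 1, n - 1)] = v
            }
        }
        if (f["src"] == port)              # exact match, so 514 does not hit 5146
            printf "comm=%s port=%s class=%s scontext=%s permissive=%s\n",
                   f["comm"], f["src"], f["tclass"], f["scontext"], f["permissive"]
    }'
}

# Run against the constructed sample.
sample_audit_log | bind_denials 5146
```

On a live host, feed it the real log instead: `bind_denials 5146 < /var/log/audit/audit.log` (reading that file normally requires root). No output means no AVC bind denial was recorded for that port.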
@abhinav_maxonic - Are you using one of the apps or add-ons on Splunkbase, specifically one of these?
- Splunk App for NetApp Data ONTAP
- Splunk Add-on for NetApp Data ONTAP
I just want to make sure your post is tagged properly.
Yes, I am using "Splunk App for NetApp Data ONTAP".