Filter by host on source syslog

My scenario:

  • Splunk server listening on 514/udp (syslog).
  • many hosts/appliances send logs over UDP to the Splunk indexer.

My goal was:

  • filter source by IP/hostname, set custom sourcetype and index
  • drop every UDP packet not listed in my custom rules

What is the best way to do this?

Regards

bizza

Re: Filter by host on source syslog

Hi bizza

you can find everything you need to know about routing and filtering data in this doc here

regards
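
An added example, not part of the original posts: one way to express the allow-list described in the question with `props.conf` and `transforms.conf` on the instance that owns the 514/udp input. The sender addresses, sourcetype names, index names and stanza names are constructed placeholders, and it assumes the input keeps the default source `udp:514` with `connection_host = ip`.

```ini
# ---- props.conf ----
# Matches everything arriving on the UDP 514 input (default source name).
[source::udp:514]
# Transforms run left to right: discard everything, re-admit the listed
# senders, then stamp sourcetype and index per sender.
TRANSFORMS-syslog = syslog_drop_all, syslog_keep_listed, fw_sourcetype, fw_index, sw_sourcetype, sw_index

# ---- transforms.conf ----
# 1. Default deny: send every event to the nullQueue.
[syslog_drop_all]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

# 2. Allow-list: events whose host is a listed sender go back to indexQueue.
#    MetaData:Host values carry a "host::" prefix.
[syslog_keep_listed]
SOURCE_KEY = MetaData:Host
REGEX = ^host::(192\.0\.2\.10|192\.0\.2\.20)$
DEST_KEY = queue
FORMAT = indexQueue

# 3. Per-sender sourcetype and index (the indexes must already exist).
[fw_sourcetype]
SOURCE_KEY = MetaData:Host
REGEX = ^host::192\.0\.2\.10$
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::example:firewall

[fw_index]
SOURCE_KEY = MetaData:Host
REGEX = ^host::192\.0\.2\.10$
DEST_KEY = _MetaData:Index
FORMAT = example_firewall

[sw_sourcetype]
SOURCE_KEY = MetaData:Host
REGEX = ^host::192\.0\.2\.20$
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::example:switch

[sw_index]
SOURCE_KEY = MetaData:Host
REGEX = ^host::192\.0\.2\.20$
DEST_KEY = _MetaData:Index
FORMAT = example_network
```

The nullQueue discards events at parse time, after Splunk has already received the packets, so dropping the packets themselves still needs a host or network firewall rule in front of the port. UDP source addresses can be spoofed, so this allow-list sorts and filters traffic but does not authenticate senders.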
