Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Problem with Syslog

nugetchar
Explorer
‎02-07-2013 07:42 AM

Hi everyone!

I'm posting here because I have a problem with Splunk:

I've got an application (The Grinder) which generate a lot of datas in some csv-files. This application is able, thanks to a file named "logback-worker.xml", to forward via the syslog protocol those datas.

So, I tried this:

I configured the "logback-worker.xml" file in order to forward the datas to an instance of the universal forwarder of splunk, to the port 7777. Then, on Splunk, I created a receiver to listen on port 9997. The idea is to receive datas on port 7777 and to forward it to the port 9997.

So, my question is: is there any special configuration I have to do with the inputs and outputs files?

I precise that I want to use TCP, not UDP.
Thanks in advance.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎02-07-2013 07:54 AM

Stock universal forwarders cannot listen to remote inputs like TCP / UDP / SplunkTCP (the splunk to splunk protocol).
they can only send to the indexer on splunktcp.

FYI a tcp input is in inputs.conf and looks like
[tcp://7777]
sourcetype=syslog

View solution in original post

Reply
Solved! Jump to solution

nugetchar
Explorer
‎02-11-2013 07:00 AM

Thanks, I finally found a way to do what I wanted to do 🙂

0 Karma
Reply
Solved! Jump to solution
Solution

yannK
Splunk Employee
Splunk Employee
‎02-07-2013 07:54 AM

Stock universal forwarders cannot listen to remote inputs like TCP / UDP / SplunkTCP (the splunk to splunk protocol).
they can only send to the indexer on splunktcp.

FYI a tcp input is in inputs.conf and looks like
[tcp://7777]
sourcetype=syslog

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...