Getting Data In

Direct syslog forwarding from Isilon to Splunk


I am trying to setup syslog forwarding from Isilon Cluster to Splunk server ... I have done the following steps as per instructions online.

1. edit syslog.conf file in cluster
2. create a read only user in splunk
3. Deploy the DELL EMC app and TA on deployment server.

Currently I can see that all of the cluster nodes are talking to my server but all TCP state for the nodes are in TIME_WAIT. I am also unable to detect any connection with the cluster from the Splunk UI. I tried setting up the TA with the read only user I had created. But that is also throwing "authentication" error.

I am new to Splunk and am no expert.
I am unable to understand what I have missed. Requesting help from the Splunk community.

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...