Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Get data from forward TCP and UDP ports

king311
Loves-to-Learn
‎01-12-2022 06:00 AM

Not getting data ofter configuring TCP 80 port in inputs.conf

my stanza is like this

[tcp://80]
connection_host = dns
index = port
sourcetype = syslog

can you give me any idea on this. thnks in advance.

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-12-2022 06:22 AM

If you are using port less or equal than 1024 then you must run splunkd as root, which is not as best practices. I prefer to use e.g. port 1514 or similar for that. 

Have you update also your senders to use that unstandardised port (normally udp + 514) to use?

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...