Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to configure a forwarder to listen on tcp/udp for syslog for Splunk Light cloud service?

sperschall
New Member
‎04-13-2016 01:48 PM

Hey,

I'm new to Splunk, so I may be missing something... However, I can't seem to configure a forwarder to listen on a network port (tcp/udp for syslog).

So far I have:
- Installed the forwarder which shows up in the Splunk Light dloud portal
- I have set the forwarder to monitor local event logs and the data is flowing into Splunk ok
- When I go to Add data, select the forwarder, select the server class, I can't click on the option for "Configure Splunk to listen on a network port." It also seems to be missing it's blue heading in that box. I can click on the other four options, but not that one.

Any ideas? Am I missing something?

Thanks...Scott

0 Karma
Reply

dkoshe_splunk
Splunk Employee
Splunk Employee
‎04-13-2016 03:22 PM

Looks like there is a bug introduced in the recent version that is preventing UI from working.
As a work around you can go to the machine where forwarder is running, and manually create (if none exists) inputs.conf file in /etc/system/local folder and update/add TCP input there and restart the forwarder (/bin/splunk restart).

Example stanza for receiving syslog via TCP input (update for your port and source type as appropriate):

[tcp://33333]
sourcetype=syslog
disabled=false
Reply

jterry
Splunk Employee
Splunk Employee
‎04-13-2016 02:07 PM

could you post a screen-shot?
if you have a server class defined that contains the forwarder(s) you're trying to enable the tcp/udp input on then there shouldn't be a problem.
thnx

0 Karma
Reply

sperschall
New Member
‎04-13-2016 02:12 PM

Sure...here you go.
Screen Cap

0 Karma
Reply

jterry
Splunk Employee
Splunk Employee
‎04-13-2016 02:27 PM

ok, thnx. i'm looking into it/trying to re-produce the issue.

0 Karma
Reply

jterry
Splunk Employee
Splunk Employee
‎04-13-2016 03:15 PM

for now, the "Use the CLI" section of this doc may help: http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/Configureyourinputs#Use_the_CLI

0 Karma
Reply
Get Updates on the Splunk Community!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Index This | What goes away as soon as you talk about it?

May 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...

What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025

This month, we’re delivering several new innovations in Splunk Observability Cloud and Splunk AppDynamics ...
Top