I have a new Splunk enterprise system up and running, with HFs and Indexers. For logs from network devices like F5, Cisco,.. I specify a HF IP and port udp#514 to forward logs to, but no logs get into the HF.
I heard the daemon syslog on the HF needs to be configure to receive logs over these two ports. I know it's not Splunk direct question, but anyone knows how to configure this?