How to configure a heavy forwarder to receive logs over port 514/1514?


I have a new Splunk Enterprise system up and running, with HFs and indexers. For logs from network devices like F5, Cisco, etc., I specify an HF IP and port udp#514 to forward logs to, but no logs get into the HF.

I heard the syslog daemon on the HF needs to be configured to receive logs over these two ports. I know it's not a direct Splunk question, but does anyone know how to configure this?


0 Karma


This is a great guide to setting up syslog with Splunk. Enjoy!

Splunk Success with Syslog
