Getting Data In

How to configure a heavy forwarder to receive logs over port 514/1514?


I have a new Splunk enterprise system up and running, with HFs and Indexers. For logs from network devices like F5, Cisco,.. I specify a HF IP and port udp#514 to forward logs to, but no logs get into the HF.

I heard the daemon syslog on the HF needs to be configure to receive logs over these two ports. I know it's not Splunk direct question, but anyone knows how to configure this?


0 Karma


This is a great guide to setting up syslog with Splunk. Enjoy!

Splunk Success with Syslog

Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2023 Splunk Career Impact Report

We’ve been shouting it from the rooftops! The findings from the 2023 Splunk Career Impact Report showing that ...

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...