Getting Data In

How to configure a heavy forwarder to receive logs over port 514/1514?


I have a new Splunk enterprise system up and running, with HFs and Indexers. For logs from network devices like F5, Cisco,.. I specify a HF IP and port udp#514 to forward logs to, but no logs get into the HF.

I heard the daemon syslog on the HF needs to be configure to receive logs over these two ports. I know it's not Splunk direct question, but anyone knows how to configure this?


0 Karma


This is a great guide to setting up syslog with Splunk. Enjoy!

Splunk Success with Syslog

Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.