Getting Data In

How to let splunkforwarder transfering by UDP 514

sycross
New Member

Hi

I have the question about splunkforwarder , so hope someone can help me !

First ,
I successfully used to transfer logs , as follows

/opt/splunkforwarder/etc/system/local/inputs.conf
[default]
host = 10.10.203.1

[monitor:///var/log/httpd/access_log]
disabled = 0
sourcetype = http_access_log

/opt/splunkforwarder/etc/system/local/outputs.conf
[tcpout]
defaultGroup = 10.10.203.7_9997

[tcpout:10.10.203.7_9997]
server = 10.10.203.7:9997

[tcpout-server://10.10.203.7:9997]

But if i want to change to UDP 514 , i search and read documents, i cant understand how to do it correctly .

Second ,
I read the http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/Outputtext, but where to use the syntax of outputtext , command or others ?

--
best regards,

cross

Tags (1)
0 Karma

Ayn
Legend

I think you're confusing concepts quite a bit here. Outputtext is a command used in searches that does something else entirely.

Light and universal forwarders cannot send syslog data. More information in the syslog part of the outputs.conf documentation here: http://docs.splunk.com/Documentation/Splunk/5.0/Admin/Outputsconf

Ayn
Legend

As I said in my answer above, you can NOT use your forwarder for sending syslog data.

sycross
New Member

Another sample as follows,

/opt/splunkforwarder/etc/system/local/outputs.conf
[syslog]
defaultGroup = 10.10.203.7_514

[syslog:10.10.203.7_514]
server = 10.10.203.514
type = udp

I want to transfer the client's logs to server' s udp 514 port,
but the server does not receive any logs from client's.

client -------------> server:514

Can splunk be ?

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...