How can I verify if my universal forwarder is receiving the data on the UDP port ? I don't see any thing in my splunkd logs.
Easiest is to run something like tcpdump, Wireshark or similar and see if traffic flows in on the port.
index=_internal group=per_source_thruput series=udp:514
I don't have access to the machine to install any new rpms. Can you please let me know is there any way i could find it through Splunk.