Is there a way to route data being sent to a UDP port to a specific index based on the source host?


My Splunk server is listening to UDP port 514 for syslog information. How can I route data to a given index based on the originating host? For example, the network-related devices need to be routed to the index designated for those devices while security devices need to have their data routed to that index. Thanks.


You might try the approach listed here:

But, a better plan might be to set up multiple UDP ports and have each device send to an index-specific port. In the long run that might scale better for you.
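
Both options from this thread as a configuration sketch; this is an added example, not configuration posted by either participant. The index names (`network`, `security`), the extra ports (5514, 5515) and the 10.1.x.x / 10.2.x.x address ranges are assumptions, and both indexes must already be defined in indexes.conf.

```ini
# ---- Option A: one UDP port per index (the plan suggested in the answer) ----
# inputs.conf
# Ports 5514/5515 are hypothetical; each device group is pointed at its own port.
[udp://5514]
connection_host = ip
sourcetype = syslog
index = network

[udp://5515]
connection_host = ip
sourcetype = syslog
index = security

# ---- Option B: keep the single port 514 and route by sending host ----
# inputs.conf
# connection_host = ip sets the host field to the sender's IP address.
# Events matching no transform below stay in the default index set here.
[udp://514]
connection_host = ip
sourcetype = syslog
index = main

# props.conf
# Apply the routing transforms to everything arriving on UDP 514.
[source::udp:514]
TRANSFORMS-route_by_host = route_network_devices, route_security_devices

# transforms.conf
# MetaData:Host values carry a "host::" prefix, so the regex anchors on it.
# 10.1.x.x = network devices, 10.2.x.x = security devices (constructed ranges).
[route_network_devices]
SOURCE_KEY = MetaData:Host
REGEX = ^host::10\.1\.
DEST_KEY = _MetaData:Index
FORMAT = network

[route_security_devices]
SOURCE_KEY = MetaData:Host
REGEX = ^host::10\.2\.
DEST_KEY = _MetaData:Index
FORMAT = security
```

Option B's transforms run at parse time, so they belong on the instance that parses the UDP input (the indexer or a heavy forwarder) and need a restart to take effect.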