Hi All,
We have a Splunk environment running on 6.2.2. We configured a TCP input to receive logs directly from network device to Indexer. The configurations are as below:
inputs.conf
[tcp://:11514]
index=x
source=y
sourcetype=z
acceptFrom=IP
I see that all connections are fine, and on checking the network logs I am seeing that the Indexer has acknowledged the data, but still I am unable to see the data in Splunk. What could be the issue? Could you please help to resolve it? Thanks in advance.
(I have similar configurations for another source and it is working as expected)
You could try tcpdump -i eth0 tcp port 11514 -nn
to see if traffic is actually flowing while Splunk is running.
@mayurr98 , I have taken tcpdump and traffic is flowing
When you are searching for the events in Splunk, are you using All Time or specifying a time range? If a timestamp is not getting parsed from the data correctly, it's possible a future or past date is used, which will prevent the events from showing up in a time-constrained search.
| metadata index=x type=hosts
Do you see the host reporting?
Check to see if the events' timestamps are off:
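As an added illustration of the timestamp point above (example code, not part of this thread), the check below takes constructed BSD-syslog lines of the kind a network device sends to a TCP input, resolves their year-less header timestamps against a constructed indexer clock using a common year-rollover heuristic (assumed here, not taken from Splunk's own parser), and reports which events would land outside a 24-hour search window:

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the BSD syslog (RFC 3164) style many network
# devices emit: the header timestamp carries no year and no timezone.
SAMPLE_LINES = [
    "<134>Jan  5 10:15:02 fw01 kernel: accept TCP 10.0.0.5:51234 -> 10.0.0.9:443",
    "<134>Dec 31 23:59:58 fw01 kernel: drop TCP 10.0.0.7:4444 -> 10.0.0.9:22",
    "<134>Jan  5 14:30:00 fw01 kernel: config changed by admin",
    "fw01 kernel: line without a timestamp header",
]

# Optional <PRI>, month, day (one or two spaces after the month), HH:MM:SS.
HEADER_RE = re.compile(r"^(?:<\d{1,3}>)?([A-Z][a-z]{2}) {1,2}(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) ")

def parse_syslog_time(line, now):
    """Resolve a year-less syslog header against the reference clock `now`.
    The year is borrowed from `now`; if that lands the event more than a day
    ahead, the previous year is assumed (assumed rollover rule). None if no header."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    mon, day, hh, mm, ss = m.groups()
    ts = datetime.strptime(f"{mon} {day} {hh}:{mm}:{ss} {now.year}", "%b %d %H:%M:%S %Y")
    if ts - now > timedelta(days=1):
        ts = ts.replace(year=now.year - 1)
    return ts

def classify(lines, now, window):
    """Bucket each line as 'in_window', 'too_old', 'future' or 'no_timestamp'."""
    buckets = {}
    for line in lines:
        ts = parse_syslog_time(line, now)
        if ts is None:
            buckets[line] = "no_timestamp"
        elif ts > now:
            buckets[line] = "future"
        elif now - ts > window:
            buckets[line] = "too_old"
        else:
            buckets[line] = "in_window"
    return buckets

def sample_report():
    ref = datetime(2018, 1, 5, 12, 0, 0)  # constructed indexer clock
    return classify(SAMPLE_LINES, ref, timedelta(hours=24))

if __name__ == "__main__":
    for line, verdict in sample_report().items():
        print(f"{verdict:13} {line}")
```

The Dec 31 line shows the year-boundary case: borrowed as 2018 it would be far in the future, so it rolls back to 2017 and falls out of a recent-time search; the 14:30 line shows a device clock running ahead of the indexer.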
Hi @solarboyz1,
I tried with All Time and future time as well, but no luck. This is the only source configured to Splunk and it is not receiving logs.
Is the index created?
Do you see any error related to this input or index in the _internal logs?
Have you tried using a non-splunk listener (netcat) to verify the format of the data coming in?
Try it without the acceptFrom=IP first to make sure that's not denying anything.
@DavidHourani, I tried but no luck.
So the port is listening, data is coming in to the port and the remote server is able to connect, BUT nothing is going to Splunk?
What's the sourcetype? Syslog?
A good way to debug this is to use another Splunk server in the same network zone. Do you have any HF that you can use? Better if it's a server with nothing going on on it; that way you can really understand if your problem is from your input stanza, from the network or from the source.