I'm not very experienced with Splunk, but I've been asked to set up syslog forwarding from our UPSs to our Splunk server. I've configured it with the default settings, and pointed it towards our syslog server on the default syslog port. I'm able to get test logs from any severity to go through without issue, but I am unable to see any other type of logs.
NMC: AP9641
Syslog settings on device:
Port: 514
Protocol: UDP
Message Generation: Enabled
Facility Code: User (I've tried all the other options but I was still unable to see any logs)
Severity Mapping
Critical: Critical
Warning: Warning
Informational: Informational
Hi there!
Seems like your test logs are working, but real-world ones aren't showing up. Here's what might be happening:
If none of these work, give your Splunk logs a good scan for error messages related to UPS data. They might offer more specific clues.
~ If the reply helps, a Karma upvote would be appreciated