Solved: Re: Sending Splunk Data to Syslog Server

balcv · ‎11-03-2013

I have Splunk receiving data from various sources, but I would like to be able to send that data on to another syslog collector. I have read that various documents on how this should be achieved and I have added the following to the outputs.conf

[syslog:my_syslog_group]
server = 192.168.1.1:514
type = udp

Yet the data is not getting sent to that collector. This new collector is actually running on the same host as Splunk, but is using the default syslog port of UDP/514 where as Splunk is using a different port.

Firewalls are not causing the problem as I have tested this with the firewalls disabled.

What else do I need to do to make this work?

sbaryakov · ‎11-04-2013

If you use a free license this feature is disabled. (I'm pretty sure but not 100%)

View solution in original post

sbaryakov · ‎11-04-2013

If you use a free license this feature is disabled. (I'm pretty sure but not 100%)

wyldkao · ‎04-17-2014

Hi
I have similar probelm , so I use non-license splunk(it should be as your mean ==>free license), whether I only send TCPData but could not send syslog , right ??

wyldkao

balcv · ‎11-04-2013

Thank you. Yes I have had to revert to the Free License so that explains it.

Ayn · ‎11-03-2013

Is this a full-blown Splunk instance (indexer or likewise) or a Universal Forwarder?

Sending Splunk Data to Syslog Server

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Good Sourcetype Naming

Are you a member of the Splunk Community?

Sending Splunk Data to Syslog Server

Exciting News: The AppDynamics Community Joins Splunk!

The All New Performance Insights for Splunk

Good Sourcetype Naming