I have Splunk receiving data from various sources, but I would like to be able to send that data on to another syslog collector. I have read that various documents on how this should be achieved and I have added the following to the outputs.conf
server = 192.168.1.1:514
type = udp
Yet the data is not getting sent to that collector. This new collector is actually running on the same host as Splunk, but is using the default syslog port of UDP/514 where as Splunk is using a different port.
Firewalls are not causing the problem as I have tested this with the firewalls disabled.
What else do I need to do to make this work?
I have similar probelm , so I use non-license splunk(it should be as your mean ==>free license), whether I only send TCPData but could not send syslog , right ??