Solved: Sending Splunk Data to Syslog Server

balcv · ‎11-03-2013

I have Splunk receiving data from various sources, but I would like to be able to send that data on to another syslog collector. I have read that various documents on how this should be achieved and I have added the following to the outputs.conf

[syslog:my_syslog_group]
server = 192.168.1.1:514
type = udp

Yet the data is not getting sent to that collector. This new collector is actually running on the same host as Splunk, but is using the default syslog port of UDP/514 where as Splunk is using a different port.

Firewalls are not causing the problem as I have tested this with the firewalls disabled.

What else do I need to do to make this work?

sbaryakov · ‎11-04-2013

If you use a free license this feature is disabled. (I'm pretty sure but not 100%)

View solution in original post

sbaryakov · ‎11-04-2013

If you use a free license this feature is disabled. (I'm pretty sure but not 100%)

wyldkao · ‎04-17-2014

Hi
I have similar probelm , so I use non-license splunk(it should be as your mean ==>free license), whether I only send TCPData but could not send syslog , right ??

wyldkao

balcv · ‎11-04-2013

Thank you. Yes I have had to revert to the Free License so that explains it.

Ayn · ‎11-03-2013

Is this a full-blown Splunk instance (indexer or likewise) or a Universal Forwarder?

Sending Splunk Data to Syslog Server

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation