Solved: Sending Splunk Data to Syslog Server

balcv · ‎11-03-2013

I have Splunk receiving data from various sources, but I would like to be able to send that data on to another syslog collector. I have read that various documents on how this should be achieved and I have added the following to the outputs.conf

[syslog:my_syslog_group]
server = 192.168.1.1:514
type = udp

Yet the data is not getting sent to that collector. This new collector is actually running on the same host as Splunk, but is using the default syslog port of UDP/514 where as Splunk is using a different port.

Firewalls are not causing the problem as I have tested this with the firewalls disabled.

What else do I need to do to make this work?

sbaryakov · ‎11-04-2013

If you use a free license this feature is disabled. (I'm pretty sure but not 100%)

View solution in original post

sbaryakov · ‎11-04-2013

If you use a free license this feature is disabled. (I'm pretty sure but not 100%)

wyldkao · ‎04-17-2014

Hi
I have similar probelm , so I use non-license splunk(it should be as your mean ==>free license), whether I only send TCPData but could not send syslog , right ??

wyldkao

balcv · ‎11-04-2013

Thank you. Yes I have had to revert to the Free License so that explains it.

Ayn · ‎11-03-2013

Is this a full-blown Splunk instance (indexer or likewise) or a Universal Forwarder?

Sending Splunk Data to Syslog Server

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Sending Splunk Data to Syslog Server

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!