Getting Data In

Should each device sending data have a different UDP input port?

julianosantos
New Member

Hello!
I'm new and this is my first post here in the community.

I did the Splunk installation with the purpose of testing for enterprise deployment.
We have several devices like Palo Alto, Juniper, Trend Micro and etc.
My question is as follows.
I created a UDP Input Data on port 514 for my Palo Alto device. I noticed that others also work on the same door.
When creating a new UDP Input Data with the same port, but with different source type, I can not.
Does each device have to be configured on a different port?
What is the recommendation? Following for each device a different port?

Thank you,

0 Karma
1 Solution

MuS
Legend

Hi julianosantos,

Welcome to Splunk 🙂

To keep it simple: I would use a different port for each device. This way you can configure the sourcetypes in the Splunk UI.

If some devices cannot send data to other ports than 514 you can use this approach https://answers.splunk.com/answers/438083/how-to-change-syslog-host-to-a-specific-sourcetype-1.html or this one https://answers.splunk.com/answers/369375/how-do-i-set-different-source-types-on-one-data-in-1.html

Hope this helps ...

cheers, MuS

View solution in original post

0 Karma

woodcock
Esteemed Legend

Use a different port for each device. You can use an IP filter in most syslog servers but it means that you have to constantly update this which is a MAJOR hassle. Also read this:

http://www.georgestarcher.com/splunk-success-with-syslog/

0 Karma

MuS
Legend

Hi julianosantos,

Welcome to Splunk 🙂

To keep it simple: I would use a different port for each device. This way you can configure the sourcetypes in the Splunk UI.

If some devices cannot send data to other ports than 514 you can use this approach https://answers.splunk.com/answers/438083/how-to-change-syslog-host-to-a-specific-sourcetype-1.html or this one https://answers.splunk.com/answers/369375/how-do-i-set-different-source-types-on-one-data-in-1.html

Hope this helps ...

cheers, MuS

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...