Re: Splunk 6.0 removing syslog priority fields

herat420 · ‎10-31-2013

Dear sir

I have read all information on the Splunk answers. but I couldnt find any solutionn for my situation. I am new in the world of splunk and splunk is running in test lab. I can forward syslog to splunkm but splunk remove priority fields from syslog. I have add the following code in the inpust.conf file and restart the splunk, but it didnt solved my problem.

C:\Program Files\Splunk\etc\system\local\inputs.conf
[udp://514]
no_priority_stripping = true

I tried also this location:
C:\Program Files\Splunk\etc\apps\search\local\inputs.conf
[udp://514]
no_priority_stripping = true

Would anyone please tell me if am i configuring in the worng place?
If anyone can help me I would apprecaite that.
thanks in advance

Best Rrgards,

Herat

rkirkw · ‎10-31-2013

In 6 on Windows with the Universal Forwarder, it seems that the config files have moved to
C:\splunkuniversalforwarder\etc\apps\splunk_ta_windows\local\inputs.conf

This is the file I had to change to point the data to specific indexes.

You may try a search for other inputs.conf and see if you have one in a similar location - depending on the path you chose for $Splunk_Home

Splunk 6.0 removing syslog priority fields

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

September Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, October Edition

Are you a member of the Splunk Community?

Splunk 6.0 removing syslog priority fields

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

September Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, October Edition