Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Syslog Priority Levels Stripped for UDP and TCP Syslog Messages

scornish
Engager
‎05-27-2010 04:48 PM

All, I noticed discussions on how to prevent Splunk from stripping priority levels from UDP Syslog messages.

Will priority stripping occur if Splunk receives messages via TCP port 514?

If so, how would you configure Splunk to not strip the priority?

Stephanie

Tags (1)
Reply

Simeon
Splunk Employee
Splunk Employee
‎05-27-2010 06:38 PM

Priority stripping is optionally set for UDP inputs. It should not occur if you have configured a TCP input over port 514. For more information regarding the configuration, review the UDP settings for inputs.conf at following link:

http://www.splunk.com/base/Documentation/latest/Admin/Inputsconf

no_priority_stripping = true
* If this attribute is set to true, then Splunk does NOT strip the <priority> syslog field from received events. 
* NOTE: Do NOT include this key if you want to strip <priority>.
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...