Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Syslog Priority Levels Stripped for UDP and TCP Syslog Messages

scornish
Engager
‎05-27-2010 04:48 PM

All, I noticed discussions on how to prevent Splunk from stripping priority levels from UDP Syslog messages.

Will priority stripping occur if Splunk receives messages via TCP port 514?

If so, how would you configure Splunk to not strip the priority?

Stephanie

Tags (1)
Reply

Simeon
Splunk Employee
Splunk Employee
‎05-27-2010 06:38 PM

Priority stripping is optionally set for UDP inputs. It should not occur if you have configured a TCP input over port 514. For more information regarding the configuration, review the UDP settings for inputs.conf at following link:

http://www.splunk.com/base/Documentation/latest/Admin/Inputsconf

no_priority_stripping = true
* If this attribute is set to true, then Splunk does NOT strip the <priority> syslog field from received events. 
* NOTE: Do NOT include this key if you want to strip <priority>.
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...