I'm using Splunk Cloud and I'm unable to add a new Data Input. I'm entering all the required fields but when I click on Save the UI shows an error "Please enter all required fields". The UI does not indicate which field I'm missing.
Steps to reproduce,
Go to Settings->Data inputs->(under Forwarded Inputs)TCP->New and then under Source enter a TCP Port: 9800
Accept Connections from all hosts?
Source name override (Left it empty). It does not say it is mandatory.
Set Source Type -> From List
Select Source Type from List -> syslog
Under More Settings
Host->Set Host -> IP
with the above specified inputs when i click "save" it throws an error to fill in required fields. Not sure what I missed.
Splunkcloud only accepts secure connections from forwarders with the correct SLL certificates.
The solution is to use a forwarder on your side to listen to syslog (tcp or udp), and configure the forwarder to to splunkcloud.