Getting Data In

Unable to add TCP Data Inputs in Splunk Cloud

bobbyavn
Engager

Hi,
I'm using Splunk Cloud and I'm unable to add a new Data Input. I'm entering all the required fields but when I click on Save the UI shows an error "Please enter all required fields". The UI does not indicate which field I'm missing.
Steps to reproduce,
Go to Settings->Data inputs->(under Forwarded Inputs)TCP->New and then under Source enter a TCP Port: 9800
Accept Connections from all hosts?
Yes
Source name override (Left it empty). It does not say it is mandatory.
Source Type
Set Source Type -> From List
Select Source Type from List -> syslog

Under More Settings
Host->Set Host -> IP
Index->default.

with the above specified inputs when i click "save" it throws an error to fill in required fields. Not sure what I missed.
Please help.
thanks
MV

yannK
Splunk Employee
Splunk Employee

Splunkcloud only accepts secure connections from forwarders with the correct SLL certificates.
The solution is to use a forwarder on your side to listen to syslog (tcp or udp), and configure the forwarder to to splunkcloud.

esix_splunk
Splunk Employee
Splunk Employee

You wont be able to create new TCP inputs into Splunk Cloud. Inbound ports are blocked, you will need to submit a ticket to have this created and enabled.

0 Karma