Hi,
I'm new to Splunk. I'm getting this error upon forwarding my FortiGate logs to Splunk. How can I set Splunk to listen for UDP logs?
Thanks
I already fixed the issue by adding a UDP data input config. Now I'm getting this error in the splunkd.logs:
ERROR SearchParser - Could not find macro 'fortigate_webfilter' that takes 0 arguments. Expecting stanza name 'fortigate_webfilter'
Any idea?
Thanks,
Eddel
Hi sympatiko,
Take a look at the docs: http://docs.splunk.com/Documentation/Splunk/6.2.0/Data/SyslogTCP
cheers, MuS
Hi MuS,
Thanks for your help. Are you familiar with this error: "Received unexpected 1380997408 byte message (Invalid payload_size=1380997408 received while in parseState=1)!"? As I understand it, it pertains to the size being forwarded by my FortiGate firewall, is it? Correct me if I'm wrong.
Thanks for your help!
Which port are you sending the FortiGate stream to?