Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why am I not getting syslogs on port 512?

tabbtharrington
New Member
‎04-02-2018 07:46 AM

I am new to Splunk and I have it installed on my PC at work. I have Aruba Clear Pass syslog target set to forward to my PC's IP on port 512, UDP.
Search field in Splunk is : source="udp:512" sourcetype="syslog". Not getting any results when I run a search.

I tried port 514, UDP as well and still getting nothing. Wondering if its an IOS version issue as I'm running Windows 7 on my PC?

0 Karma
Reply

chaker
Contributor
‎04-02-2018 02:53 PM

If you are not running the Splunk process as "root" you will not be able to access port below 1024 on Linux systems.

On Windows, do a netstat -na and look for port 514 to be "listening"

Also, what is the destination index you have set for the syslog data? Have you tried index=* sourcetype="syslog" ?

0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎04-02-2018 02:43 PM
  1. Do you have Windows firewall active and configured to allow 512/udp traffic to pass through?
  2. Do you have a Splunk listener configured to listen on port 512?
0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...