Getting Data In
Highlighted

Why am I unable to collect basic syslog from APC UPS after creating a TCP input in Splunk Web with the sourcetype as 'syslog'?

New Member

I am a new user to Splunk, and while I thought I had the basics down, I am getting stumped by this...

Logged into our APC UPS (Symmetra RM 6000) and told it to forward events to our Splunk server.

Went into Splunk and:
settings->data Inputs->local input->tcp

and create a new input using the sourcetype as 'syslog'

I am not seeing any data at all and the rule has been up for 3 days now. Is this the correct way to pull data from a APC UPS, or have I overlooked something obvious??

0 Karma
Highlighted

Re: Why am I unable to collect basic syslog from APC UPS after creating a TCP input in Splunk Web with the sourcetype as 'syslog'?

New Member

Same issue I have. We have created a dedicated Index for UPS logs. Every syslog message coming from a client starting with ups in its hostname should store logs to this Index. It's not working for any of my UPS Systems. When I use a cisco router, change hostname to ups it's working. So my strong guess is that it is related to the UPS, but don't know why.

0 Karma
Highlighted

Re: Why am I unable to collect basic syslog from APC UPS after creating a TCP input in Splunk Web with the sourcetype as 'syslog'?

Communicator

Hi, which Splunk Adddon did you use to collect APC UPS?

0 Karma