Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why does syslog data delay when setting no_priority_stripping=true?

matoulas
Path Finder
‎11-14-2019 10:35 AM

Hi,

When I set no_priority_stripping = true in input.conf in Splunk server, my syslog data send to Splunk work but a very long delay of time.
When I remove no_priority_stripping = true from input.conf. My unit sends syslog to Splunk in real-time.
I do need to set no_priority_stripping = true, in order for me to use syslog_priority.csv lookup table.

I need help to resolve this issue. Can you please point me in the right direction?

Thanks,
Matoula Senethavong

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...
Top