Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

splunk add forward-server IP:PORT -auth user:pass - For UDP ???

grillotron
New Member
‎03-15-2013 02:19 AM

Hi,

Please i need to use de UDP protocol to add Forwarders (Universal in my case) buy supoust its de same command working with another options of "forwarders"..

splunk add forward-server IP:PORT -auth user:pass

¿what is de sintaxis?

thanks

Tags (1)
0 Karma
Reply

grillotron
New Member
‎03-21-2013 12:53 AM

Hi,

I don't need to use UDP ... it's only to keep the same way UDP/514. But really... i don't need it - i will create a recibe data port tcp/514.

thanks

0 Karma
Reply

Ayn
Legend
‎03-15-2013 02:57 AM

No, forwarding from a Splunk instance to another cannot use UDP. Why would you need UDP?

If you really can't do this via TCP, you'll have to resort to sending syslog over UDP from the forwarder to the indexer.

Reply

Ayn
Legend
‎03-21-2013 12:56 AM

Righty. By the way, the best thing would be to use Splunk's own protocol for forwarding events from one Splunk instance to another (splunktcp) rather than just sending the raw data (tcp).

0 Karma
Reply

grillotron
New Member
‎03-21-2013 12:53 AM

Hi,

I don't need to use UDP ... it's only to keep the same way UDP/514. But really... i don't need it - i will create a recibe data port tcp/514.

thanks

0 Karma
Reply

kristian_kolb
Ultra Champion
‎03-15-2013 03:07 AM

and that would not be a good idea, since you'd then be limited to standard syslog limits (<1k message size, single line). Try to fit a stacktrace, or eventlog message into that... 🙂

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

    Thursday, June 25, 2026  |  11AM PDT / 2PM EDT  Duration: 1 Hour (Includes live Q&A) Register to ...

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...