Hi,
We are planning to get the Syslog data into Splunk Heavy Forwarders. They are appliances, and those are hardened Linux OS.
Till now I have done the following steps:
I have provided the Splunk Heavy Forwarder IP to the app owner, and they configured syslog on their end.
I created data inputs on the HFW by giving TCP: 1024, sourcetype, IP, and created an index. (514 is already being used.)
I couldn't find the data yet on Splunk. Is this the correct process, or am I missing anything? Please let me know if I did anything wrong or if I need to add some inputs.
Thanks,
Do you have local firewalls blocking TCP 1024? Are you sure you are sending data to the right port?
If that is the case, I hope it will throw the firewall error, but I didn't get any firewall error.