Re: Syslog Configuration through Splunk Web?

niha1318 · ‎03-27-2019

Hi,

we are planning to get the Syslog data into Splunk Heavy Forwarders. They are Appliances and those are hardened linux OS.

till now i have done the following steps

I have provided the Splunk Heavy Forwarder IP to App owner, they configured the syslog on their end

I created Data inputs on HFW by giving TCP: 1024, Sourcetype, IP and created Index. (514 already being used)

I could't able able to find the data yet on splunk. is this the correct process OR am i missing anything? please let me know if i did anything wrong or if I need to add some inputs?

Thanks,

sduff_splunk · ‎03-27-2019

Do you have local firewalls blocking TCP 1024. Are you sure you are sending data to the right port?

niha1318 · ‎03-28-2019

if that is the case, I hope it will through the Firewall Error. but I didn't get any firewall error.

Syslog Configuration through Splunk Web?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

How Edge Processor's Durable Queue Works

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Join the Conversation