Monitoring Splunk

Log sent to port 514 not appearing

toledotiago
Explorer

I configured my application to log to Splunk. I see the package arriving in Wireshark, but it does not appear in Wireshark.

What setting have I forgotten? Or is it missing?

https://ibb.co/n7vb5N2

https://ibb.co/wgZz0Yk

0 Karma

hgrow
Communicator

Hi toledotiago,
the input you opened is a Splunk-TCP input, which receives data from a Splunk Universal Forwarder in Splunk’s internal format, not from any arbitrary TCP source.

Take a look at https://docs.splunk.com/Documentation/Splunk/8.0.0/Data/Monitornetworkports for the TCP/UDP input you are looking for.

If you are dealing with syslog, I highly recommend this blog:

http://www.georgestarcher.com/splunk-success-with-syslog/

Sincerely
hgrow

0 Karma
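
The distinction described in the answer above, shown as an `inputs.conf` fragment. This is an added example, not part of the original thread or taken from the poster's system. The index name `main`, the `syslog` sourcetype, and the choice between TCP and UDP are assumptions; use whichever protocol the application actually sends.

```ini
# $SPLUNK_HOME/etc/system/local/inputs.conf  (assumed location for a local override)

# What the question describes: a Splunk-to-Splunk receiver.
# It only understands the forwarder protocol, so plain syslog
# or raw application text sent here is not indexed as events.
[splunktcp://514]
disabled = 1

# Raw network inputs for arbitrary senders (enable the one that matches the sender).

# Plain TCP sender
[tcp://514]
sourcetype = syslog
index = main
# record the sender's IP address as the host field
connection_host = ip

# Plain UDP sender (classic syslog)
[udp://514]
sourcetype = syslog
index = main
connection_host = ip
# set to true only if the sender already includes its own timestamp and host
no_appending_timestamp = false

# Note: on Linux/Unix, binding to a port below 1024 requires Splunk to run
# with root privileges, which is one reason a dedicated syslog receiver
# writing to files that Splunk monitors is often preferred.
```

Restart Splunk after changing the file, then search the chosen index and sourcetype to confirm that events arrive.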