Monitoring Splunk

Log sent to port 514 not appearing

toledotiago
Explorer

I configured my application to log to Splunk. I see the package arriving in Wireshark, but it does not appear in Wireshark.

What setting have I forgotten? Or is it missing?

https://ibb.co/n7vb5N2

https://ibb.co/wgZz0Yk


hgrow
Communicator

Hi toledotiago,
the input you opened is a Splunk-TCP input, which receives data from a Splunk Universal Forwarder in Splunk's internal format, not from any arbitrary TCP source.

Take a look at https://docs.splunk.com/Documentation/Splunk/8.0.0/Data/Monitornetworkports for the TCP/UDP input you are looking for.

If you are dealing with syslog, I highly recommend this blog:

http://www.georgestarcher.com/splunk-success-with-syslog/

Sincerely
hgrow

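As an added illustration (not part of either post), here is the inputs.conf stanza that corresponds to the input shown in the screenshots, beside the raw network stanzas the linked docs describe. The file path, index name and the choice of syslog sourcetype are assumptions:

```ini
# Added example. File: $SPLUNK_HOME/etc/system/local/inputs.conf
# (or the local/ directory of an app). Values are illustrative.

# What the question's screenshots show: a Splunk-TCP (forwarder) input.
# It only understands the Splunk-to-Splunk protocol spoken by a Universal
# Forwarder, so raw text an application sends to it is never indexed even
# though the packets arrive on the host. Remove or disable this stanza if
# the sender is not a forwarder.
[splunktcp://514]
disabled = 1

# Raw network inputs accept arbitrary data. Use whichever protocol the
# application actually sends with (classic syslog is UDP).
[udp://514]
sourcetype = syslog
index = main
connection_host = ip
no_appending_timestamp = true

[tcp://514]
sourcetype = syslog
index = main
connection_host = ip
```

Restart splunkd after editing, and note that binding a port below 1024 requires Splunk to run with sufficient privileges; a higher port (for example 5514) avoids that.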