Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Log sent to port 514 not appearing

toledotiago
Explorer
‎10-29-2019 06:33 PM

I configured my application to log to Splunk, I see the package arriving in wirehark but it does not appear in wireshark.

What setting have I forgotten? Or is it missing

https://ibb.co/n7vb5N2

https://ibb.co/wgZz0Yk

0 Karma
Reply

hgrow
Communicator
‎10-30-2019 09:17 PM

Hi toledotiago,
the input you opened is Splunk-TCP input to receive data from a Splunk Universal Forwarder in Splunk’s internal format, not any arbitrary tcp source.

Take a look at https://docs.splunk.com/Documentation/Splunk/8.0.0/Data/Monitornetworkports for the tcp/udp input you are looking for.

If you are dealing with syslog i highly recommend this blog:

http://www.georgestarcher.com/splunk-success-with-syslog/

Sincerely
hgrow

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...