Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Log sent to port 514 not appearing

toledotiago
Explorer
‎10-29-2019 06:33 PM

I configured my application to log to Splunk, I see the package arriving in wirehark but it does not appear in wireshark.

What setting have I forgotten? Or is it missing

https://ibb.co/n7vb5N2

https://ibb.co/wgZz0Yk

0 Karma
Reply

hgrow
Communicator
‎10-30-2019 09:17 PM

Hi toledotiago,
the input you opened is Splunk-TCP input to receive data from a Splunk Universal Forwarder in Splunk’s internal format, not any arbitrary tcp source.

Take a look at https://docs.splunk.com/Documentation/Splunk/8.0.0/Data/Monitornetworkports for the tcp/udp input you are looking for.

If you are dealing with syslog i highly recommend this blog:

http://www.georgestarcher.com/splunk-success-with-syslog/

Sincerely
hgrow

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...