Splunk Connect for Syslog
This is Splunk’s preferred method of ingesting high volumes of data. Details can be located here →
https://splunk-connect-for-syslog.readthedocs.io/en/latest/
TCP Data Input
Navigate to Settings -> Data Inputs -> TCP (Add new)
This brings you to following screen. In this step, we will configure Splunk to listen on TCP using
port 514. NSS only supports TCP, but the destination port is configurable. Most administrators use
port “514” as it is the default port for UDP based syslog. After configuring SIEM port, click next
We're following the above step but not able to find TCP / UDP configure the port to synced with Zscaler NSS. I'm logging in Splunk Cloud portal as trial member. Could it be restriction/privilege to my trail account ? Please advice
Thanks
Asif
You can configure this on an On premise Heavy forwarder and connect this HF to Splunk Cloud.
As Rich said below, Splunk cloud(SH/IDM) doesn't support TCP/UDP streams as it will be risky and might blew up the license.
Splunk Cloud does not support TCP/UDP inputs. They're not used with SC4S, anyway. Use a HEC input.