Issue with Data Inputs TCP/UDP setting

asif99usa · ‎12-02-2021

Splunk Connect for Syslog
This is Splunk’s preferred method of ingesting high volumes of data. Details can be located here →
https://splunk-connect-for-syslog.readthedocs.io/en/latest/
TCP Data Input
Navigate to Settings -> Data Inputs -> TCP (Add new)
This brings you to following screen. In this step, we will configure Splunk to listen on TCP using
port 514. NSS only supports TCP, but the destination port is configurable. Most administrators use
port “514” as it is the default port for UDP based syslog. After configuring SIEM port, click next

We're following the above step but not able to find TCP / UDP configure the port to synced with Zscaler NSS. I'm logging in Splunk Cloud portal as trial member. Could it be restriction/privilege to my trail account ? Please advice

Thanks

Asif

Roy_9 · ‎12-06-2021

You can configure this on an On premise Heavy forwarder and connect this HF to Splunk Cloud.

As Rich said below, Splunk cloud(SH/IDM) doesn't support TCP/UDP streams as it will be risky and might blew up the license.

richgalloway · ‎12-02-2021

Splunk Cloud does not support TCP/UDP inputs. They're not used with SC4S, anyway. Use a HEC input.

---
If this reply helps you, Karma would be appreciated.

Issue with Data Inputs TCP/UDP setting

configuration

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life