Splunk Enterprise

How do you forward Aruba syslogs to Splunk Enterprise

Ben2
New Member

Hi all,

 

I am currently having trouble finding the steps on how to forward the syslogs from an Aruba switch into Splunk. The Aruba switch is set up to forward the syslogs through the correct IP to port 9997, which is the Splunk default. My issue is that these syslogs are not coming through or are not visible. I have confirmed the computer can detect the switch and the switch sees the computer. Why are the syslogs not being forwarded? I have installed the Aruba Network Add-on for Splunk but the result has not changed.

If someone knows the correct steps to set this up, would they be able to provide them?

Any help is greatly appreciated.

Kind regards,
Ben 

0 Karma

PickleRick
SplunkTrust

Port 9997 is indeed a default port, but not for receiving syslog data (for that you'd need to explicitly enable a TCP or UDP input) but for Splunk-to-Splunk communication (like forwarding data from Splunk forwarders to indexers).

For a simple setup, a direct TCP or UDP input (depending on what you use) on your receiving indexer might be sufficient, but it's recommended to use an external syslog receiver and either write to files and ingest those files with a UF (the old way) or forward the data to a HEC input (the new way).

0 Karma
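
The difference described in the answer above, sketched as `inputs.conf` stanzas. This is an added example, not part of the original thread; the UDP port, the `network` index, the `/var/log/remote/<host>/` layout and the generic `syslog` sourcetype are assumptions to replace with your own values.

```ini
# inputs.conf sketches (added example; port, index, paths and sourcetype are assumptions)

# --- Receiving indexer: what port 9997 is for ---
# This stanza expects the Splunk forwarder protocol, not raw syslog,
# so a switch pointed at 9997 will not produce searchable syslog events.
[splunktcp://9997]
disabled = 0

# --- Option 1: direct network input on the indexer (simple setups) ---
# The switch's syslog destination must point at this port instead of 9997.
# Ports below 1024 need a privileged bind on Linux; use a high port if
# splunkd runs as an unprivileged user.
[udp://514]
# Generic placeholder; use the sourcetype the Aruba add-on documents.
sourcetype = syslog
# Assumed index name; it must already exist on the indexer.
index = network
# Set the host field from the sender's IP address.
connection_host = ip

# --- Option 2: Universal Forwarder reading files from an external syslog receiver ---
# Assumes the receiver writes one directory per sending device:
#   /var/log/remote/<host>/<file>.log
[monitor:///var/log/remote/*/*.log]
sourcetype = syslog
index = network
# Take the host field from the 4th path segment (<host> in the layout above).
host_segment = 4
```

Option 2 goes on the Universal Forwarder running on the syslog receiver, which then sends to the indexer's 9997 listener over the forwarder protocol.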