Splunk Enterprise

How do you forward Aruba syslogs to Splunk Enterprise

Ben2
New Member

Hi all,

I am currently having trouble finding the steps on how to forward the syslogs from an Aruba switch into Splunk. The Aruba switch is set up to forward the syslogs through the correct IP to port 9997, which is the Splunk default. My issue is that these syslogs are not coming through or not visible. I have confirmed the computer can detect the switch and the switch sees the computer. Why are the syslogs not being forwarded? I have installed the Aruba Network Add-on for Splunk but the result has not changed.

If someone knows the correct steps to set this up, would they be able to provide them?

Any help is greatly appreciated.

Kind regards,
Ben 

0 Karma

PickleRick
SplunkTrust

Port 9997 is indeed a default port, but not for receiving syslog data (for that you'd need to explicitly enable a TCP or UDP input); it is for Splunk-to-Splunk communication (like forwarding data from Splunk forwarders to indexers).

For a simple setup, a direct TCP or UDP input (depending on what you use) on your receiving indexer might be sufficient, but it's recommended to use an external syslog receiver and either write to files and ingest those files with a UF (the old way) or forward the data to a HEC input (the new way).

0 Karma
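
The distinction made in the answer above, written out as an `inputs.conf` fragment for the receiving Splunk instance. This is an added example, not part of the original thread; the UDP port 514 and the index name `network` are assumptions, and the switch would have to be pointed at whichever port the syslog stanza uses instead of 9997.

```ini
# inputs.conf on the receiving Splunk Enterprise instance (added example)

# Port 9997: Splunk-to-Splunk receiver. It expects traffic from Splunk
# forwarders, so raw syslog sent here by a switch is not indexed as events.
[splunktcp://9997]
disabled = 0

# A plain network input has to be declared explicitly for syslog.
# Port 514 is an assumed choice; binding below 1024 on Linux requires
# splunkd to run with sufficient privileges, otherwise pick a high port.
[udp://514]
disabled = 0
# "syslog" is a generic built-in sourcetype; an add-on may expect its own.
sourcetype = syslog
# Record the sender's IP address as the host field.
connection_host = ip
# Assumed index name; the index must already exist.
index = network
```

Restart Splunk after editing the file, and confirm that the host firewall allows the chosen port from the switch's address only.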