Solved: Re: UDP input and _TCP_ROUTING - is it possible?

andyk · ‎02-14-2011

Is it possible to use _TCP_ROUTING with a UDP input? I can not get it to work. My other "monitor" inputs works fine with _TCP_ROUTING. This is a full forwarder not a lwf.

inputs.conf:

[udp://514]
index = testapp
sourcetype = syslog
_TCP_ROUTING = pnlogGroup

outputs.conf:

[tcpout]
defaultGroup = SlogGroup
disabled = false
indexAndForward = 0

[tcpout:pnlogGroup]
disabled = false
server = 10.0.0.41:9997

[tcpout:SlogGroup]
disabled = false
server = 10.0.0.50:9995

Masa · ‎03-15-2013

I think you already got answer a looooooong time ago. Answer is yes. A full Forwarder process data and parse events from udp inputs, and send the processed/parsed to Splunk as you configured in outputs.conf.

View solution in original post

kml_uvce · ‎03-16-2013

yes, here you are reciving data via udp but sending data via tcp and both are separated...
-Kamal Bisht

kamal singh bisht

Masa · ‎03-18-2013

What do you mean by "sending data via tcp and both are separated.."?

Masa · ‎03-15-2013

I think you already got answer a looooooong time ago. Answer is yes. A full Forwarder process data and parse events from udp inputs, and send the processed/parsed to Splunk as you configured in outputs.conf.

UDP input and _TCP_ROUTING - is it possible?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation