Not getting data after configuring TCP 80 port in inputs.conf. My stanza is like this:
[tcp://80]
connection_host = dns
index = port
sourcetype = syslog
Can you give me any idea on this? Thanks i...
...14".
I made sure to enable ports with these lines in default-mode.conf:
[pipeline:udp]
disabled=false
But I am not getting anything coming in to Splunk.
I have cygwin installed and w...
We have some firewall devices sending data to one index previously. Now I have to create new index for some of the devices to send data through TCP port. I'm unable to find old index and I'm not s...
I have 3 different log sources sending logs to Splunk from a number of hosts on udp 514.
Breakdown: WLC (5-6 hosts), ESX (8) and EqualLogic (6). However, so far I am only getting data from W...
The configuration for tcp port is below but need to do the same for udp port
Transforms:
[bigmoney]
REGEX = event
DEST_KEY=_TCP_ROUTING
FORMAT=bigmoneyreader
Props:
[host::machine n...
...howing up in "Forwarder Management" but I can't seem to get event logs from any servers except the deployment server. I have enabled firewall ports outbound 8089 and inbound 9997 on the deployment server. T...
hi all
I am running on a windows heavy forwarder on Splunk Enterprise 8.1.7.2 and I listen to ports tcp 9514 and udp 514.
The data comes in to the main index and I perform a transforms/ props t...
...ndpoint Cloud (Cylance) to the Splunk Heavy Forwarder pushing syslogs, for then to be forwarded to the Cloud. When testing, UDP ports work and the connection is successful, h...
...eavy forwarders which receives syslogs from network appliances and then HF sends that data to indexers. On HFs, we have redirected data coming on UDP 514 port to 1514 using iptables. Also, I have c...
I recently installed a Splunk Edge Processor and I noticed it's not listening on port 9997. I can see it as a node on the Splunk Cloud Platform but I can't send on-prem data from my universal f...