Not getting data after configuring TCP 80 port in inputs.conf. My stanza is like this:
[tcp://80]
connection_host = dns
index = port
sourcetype = syslog
Can you give me any idea on this? Thanks i...
...14".
I made sure to enable ports with these lines in default-mode.conf:
[pipeline:udp]
disabled=false
But I am not getting anything coming in to Splunk.
I have cygwin installed and w...
We have some firewall devices sending data to one index previously. Now I have to create a new index for some of the devices to send data through TCP port. I'm unable to find old index and I'm not s...
...howing up in "Forwarder Management" but I can't seem to get event logs from any servers except the deployment server. I have enabled firewall ports outbound 8089 and inbound 9997 on the deployment server. T...
Hi all
I am running on a Windows heavy forwarder on Splunk Enterprise 8.1.7.2 and I listen to ports tcp 9514 and udp 514.
The data comes in to the main index and I perform a transforms/ props t...
I have 3 different log sources sending logs to Splunk from a number of hosts on udp 514.
Breakdown: WLC (5-6 hosts), ESX (8) and EqualLogic (6). However, so far I am only getting data from W...
The configuration for TCP port is below but need to do the same for UDP port
Transforms:
[bigmoney]
REGEX = event
DEST_KEY=_TCP_ROUTING
FORMAT=bigmoneyreader
Props:
[host::machine n...
...ndpoint Cloud (Cylance) to the Splunk Heavy Forwarder pushing syslogs, for then to be forwarded to the Cloud. When testing, UDP ports work and the connection is successful, h...
...ide array of TCP/UDP ports. I started working to identify valid traffic which has used the rule, but a co-worker mentioned an easy win would be creating an ACL to block any ports which had not already b...