Not getting data after configuring TCP 80 port in inputs.conf. My stanza is like this:
[tcp://80]
connection_host = dns
index = port
sourcetype = syslog
Can you give me any idea on this? Thanks i...
...14".
I made sure to enable ports with these lines in default-mode.conf:
[pipeline:udp]
disabled=false
But I am not getting anything coming in to Splunk.
I have cygwin installed and w...
We have some firewall devices sending data to one index previously. Now I have to create a new index for some of the devices to send data through a TCP port. I'm unable to find old index and I'm not s...
hi all
I am running on a Windows heavy forwarder on Splunk Enterprise 8.1.7.2 and I listen to ports tcp 9514 and udp 514.
The data comes in to the main index and I perform a transforms/ props t...
...howing up in "Forwarder Management" but I can't seem to get event logs from any servers except the deployment server. I have enabled firewall ports outbound 8089 and inbound 9997 on the deployment server. T...
Hi all,
I have a cluster with 2 indexers. I want to collect the UDP logs from Fortinet Firewall. I have setup the syslog forwarding from our FW to 1 indexer, but we haven't received any log data....
I have 3 different log sources sending logs to Splunk from a number of hosts on udp 514.
Breakdown: WLC (5-6 hosts), ESX (8) and EqualLogic (6). However, so far I am only getting data from W...
The configuration for the TCP port is below, but I need to do the same for the UDP port
Transforms:
[bigmoney]
REGEX = event
DEST_KEY=_TCP_ROUTING
FORMAT=bigmoneyreader
Props:
[host::machine n...
...ndpoint Cloud (Cylance) to the Splunk Heavy Forwarder pushing syslogs, for then to be forwarded to the Cloud. When testing, UDP ports work and the connection is successful, h...