I am new to this Splunk community and to using Splunk in general. I have a unit which is configured to send syslog to any server. For this purpose I have the Splunk web app running on a system (Windows 7). The netstat -b -a command shows splunkd and splunkweb running (LISTENING):
TCP 0.0.0.0:514 abc-PC:0 LISTENING
TCP 0.0.0.0:8000 abc-PC:0 LISTENING
TCP 0.0.0.0:8089 abc-PC:0 LISTENING
TCP 0.0.0.0:9997 abc-PC:0 LISTENING
UDP 0.0.0.0:515 *:*
The client which is sending to the syslog server has IP: 192.168.1.99
The system where my Splunk web app (abc-PC) is running has IP: 192.168.0.99 (both can ping each other)
The client is configured to send the syslog on port 514. But as you can see from the netstat output, Splunk seems to be listening on 514 but the log is empty. How can I resolve this, or can you suggest some ways to proceed in debugging? Also, why do I see multiple splunkd.exe running? Is it normal?
Hope to get some suggestions/feedback soon.
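A first check for the situation in the post above, as an added example that is not part of the original post: parse the netstat lines to see which transport each port is bound on, then compare that with the transport the client uses. The post does not say whether the client sends over UDP or TCP; the function names and the probe message are assumptions made for this example.

```python
import socket

# Listener lines copied from the netstat output in the post.
NETSTAT = """\
TCP 0.0.0.0:514 abc-PC:0 LISTENING
TCP 0.0.0.0:8000 abc-PC:0 LISTENING
TCP 0.0.0.0:8089 abc-PC:0 LISTENING
TCP 0.0.0.0:9997 abc-PC:0 LISTENING
UDP 0.0.0.0:515 *:*
"""

def parse_listeners(text):
    """Return the set of (proto, port) pairs bound on the local host."""
    bound = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue
        proto = fields[0].lower()
        # TCP rows carry a state column; only LISTENING sockets accept connections.
        if proto == "tcp" and fields[-1].upper() != "LISTENING":
            continue
        # rsplit keeps this working for bracketed IPv6 addresses such as [::]:514.
        port = fields[1].rsplit(":", 1)[-1]
        if port.isdigit():
            bound.add((proto, int(port)))
    return bound

def protocols_on_port(bound, port):
    """List the transports (tcp/udp) that have a socket bound on this port."""
    return sorted(proto for proto, number in bound if number == port)

def send_probe(host, port, proto):
    """Send one constructed test message (priority 14 = facility user, severity info)."""
    msg = b"<14>probe-host test: syslog input check"
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(msg, (host, port))
    else:
        with socket.create_connection((host, port), timeout=3) as s:
            s.sendall(msg + b"\n")
```

Run `protocols_on_port(parse_listeners(NETSTAT), 514)` to see which transports are bound on the port the client targets, and call `send_probe` from another machine with each transport to confirm which one produces an event in the index.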