I have an EC2 syslog client and a MacOS machine on which I installed Splunk Enterprise. I want my Splunk Enterprise to be my syslog server. That way, I should only need to configure my syslog client to send syslog to Splunk Enterprise, with no syslog server configuration needed on my side.

On the Splunk server I created a UDP data input. I also exposed port 514 and specified an index for this data input. I set the sourcetype to 'syslog'.

On the syslog client side, I configured the destination as *.* <Splunk Enterprise IP>:514 in its rsyslog.conf file. I tried to use logger to generate syslog on my client side, e.g. logger -p local0.crit "...", but no event showed up in my index when I searched.

Basically, in my understanding the Splunk Enterprise server can function as a syslog server that can receive messages from syslog clients. (Screenshot is from: https://www.youtube.com/watch?v=BQU-bsSCXhk)

Is there any step I did incorrectly, or am I missing a step?
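The troubleshooting path for the setup described in the post, as an added example (not code from the post, from Splunk, or from rsyslog): it computes the PRI value that logger -p local0.crit puts on the wire, checks an rsyslog forwarding line for the shape rsyslog actually requires (a legacy-syntax network action must start with @ for UDP or @@ for TCP; without the @ rsyslog treats the target as a file name and sends nothing), and lists the checks to run on the Splunk host. The Splunk host address, the index name, and the logger flags (-n/-P/-d are util-linux logger options on Linux, not the BSD logger on macOS) are assumptions stated in the comments.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values (change to match
# your environment): SPLUNK_HOST is the Splunk Enterprise machine's IP and
# SPLUNK_INDEX the index chosen for the UDP data input.
SPLUNK_HOST=${SPLUNK_HOST:-192.0.2.10}     # assumption: TEST-NET address
SPLUNK_INDEX=${SPLUNK_INDEX:-syslog_ec2}   # assumption

# syslog facility keyword -> numeric code (RFC 3164 table)
syslog_facility_num() {
  case "$1" in
    kern) echo 0 ;;    user) echo 1 ;;    mail) echo 2 ;;    daemon) echo 3 ;;
    auth) echo 4 ;;    syslog) echo 5 ;;  lpr) echo 6 ;;     news) echo 7 ;;
    uucp) echo 8 ;;    cron) echo 9 ;;    authpriv) echo 10 ;; ftp) echo 11 ;;
    local0) echo 16 ;; local1) echo 17 ;; local2) echo 18 ;; local3) echo 19 ;;
    local4) echo 20 ;; local5) echo 21 ;; local6) echo 22 ;; local7) echo 23 ;;
    *) return 1 ;;
  esac
}

# syslog severity keyword -> numeric code
syslog_severity_num() {
  case "$1" in
    emerg|panic) echo 0 ;; alert) echo 1 ;;  crit) echo 2 ;; err|error) echo 3 ;;
    warning|warn) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
    *) return 1 ;;
  esac
}

# PRI = facility * 8 + severity; "local0.crit" (the logger call in the post) -> 130
syslog_pri() {
  f=$(syslog_facility_num "$1") || return 1
  s=$(syslog_severity_num "$2") || return 1
  echo $((f * 8 + s))
}

# Build an RFC 3164 line: "<PRI>Mmm dd HH:MM:SS host tag: message".
# $1 facility, $2 severity, $3 host, $4 tag, $5 message text
syslog_msg() {
  pri=$(syslog_pri "$1" "$2") || return 1
  printf '<%s>%s %s %s: %s' "$pri" "$(date '+%b %e %T')" "$3" "$4" "$5"
}

# Check a legacy rsyslog selector/action line. A network forward must be
# "@host[:port]" (UDP) or "@@host[:port]" (TCP). Without the "@", rsyslog reads
# the target as a file name and nothing leaves the box.
# Prints "proto host port" on success, returns 1 otherwise.
rsyslog_forward_ok() {
  action=$(printf '%s\n' "$1" | awk '{print $2}')
  case "$action" in
    @@*) proto=tcp; target=${action#@@} ;;
    @*)  proto=udp; target=${action#@} ;;
    *)   return 1 ;;
  esac
  case "$target" in
    *:*) port=${target##*:}; host=${target%%:*} ;;
    *)   port=514; host=$target ;;          # 514 is rsyslog's default
  esac
  [ -n "$host" ] || return 1
  echo "$proto $host $port"
}

# Send one message with util-linux logger (on the EC2 client) straight to the
# Splunk UDP input, bypassing the local rsyslog config. If this event shows up
# in Splunk but messages routed via rsyslog do not, the problem is rsyslog.conf.
send_test_event() {
  logger -n "$SPLUNK_HOST" -P 514 -d -p local0.crit -t splunktest "direct udp test $$"
}

# Checks to run on the Splunk (macOS) host before looking at the search UI:
#   sudo lsof -nP -iUDP:514          # is splunkd actually bound to 514/udp?
#                                    # (ports below 1024 need root; a splunkd
#                                    # started as a normal user cannot bind it)
#   sudo tcpdump -n udp port 514     # do the client's datagrams arrive at all?
#   $SPLUNK_HOME/bin/splunk btool inputs list udp   # effective [udp://514] stanza
# Then search: index=$SPLUNK_INDEX sourcetype=syslog earliest=-15m
#
# Caveat: a UDP 514 input accepts any datagram that reaches it, with no
# authentication and no transport protection. Restrict the security group and
# host firewall to the client's source IP, and prefer TCP (@@) or a TLS-capable
# relay (rsyslog or syslog-ng in front of Splunk) for anything beyond a lab.
```

Run the host-side checks in the order listed: if lsof shows nothing on 514/udp the input never bound (the usual cause is splunkd running without privileges for a port below 1024); if tcpdump shows no packets the client side or the network path is at fault; if packets arrive but the search is empty, check the index and time range in the search.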