Hi,
I have this document already and configured/made changes to output.conf, props.conf and transforms.conf files as per this. Still I could not forward logs from Splunk to McAfee ESM. I would need all syslog data to forward from Splunk.
Irrespective of data/port, when I enable forwarding or receiving in Splunk, I get an error msg:
"Tcp output pipeline blocked. Attempt '100' to insert data failed." Any idea on this error would be helpful.
Also, let me know what would be the target group in output.conf under: Forward Syslog data ([syslog: ])?