
I have Splunk set up, and it establishes a connection with syslog and the Splunk universal forwarder from a remote server:

[Image: Splunk setup and established connections with syslog and the Splunk universal forwarder]

I have syslog-ng set up as follows:

[Image: Syslog source and destination]

[Image: Syslog log output]

You can see the established connections from the syslog source of logs and the forwarder.

This is the inputs.conf for the Splunk universal forwarder: [image]

But still no data is being received by Splunk: [image]

Am I missing something? And how would I go about troubleshooting the issue and fixing it?

Ken White
tks.tman
  • That inputs.conf stanza should have `index` and `sourcetype` settings. Also, "whitlist" should be "whitelist". That won't solve the problem, however. – RichG Jan 14 '23 at 17:18
  • likely a good question - but belongs on Server Fault, not Stack Overflow – warren Jan 17 '23 at 14:07

0 Answers