Getting Data In

Why am I unable to collect basic syslog from APC UPS after creating a TCP input in Splunk Web with the sourcetype as 'syslog'?

nking4930
New Member

I am a new user to Splunk, and while I thought I had the basics down, I am getting stumped by this...

Logged into our APC UPS (Symmetra RM 6000) and told it to forward events to our Splunk server.

Went into Splunk and:
settings->data Inputs->local input->tcp

and create a new input using the sourcetype as 'syslog'

I am not seeing any data at all and the rule has been up for 3 days now. Is this the correct way to pull data from a APC UPS, or have I overlooked something obvious??

0 Karma

NazgulSE
New Member

Same issue I have. We have created a dedicated Index for UPS logs. Every syslog message coming from a client starting with ups in its hostname should store logs to this Index. It's not working for any of my UPS Systems. When I use a cisco router, change hostname to ups it's working. So my strong guess is that it is related to the UPS, but don't know why.

0 Karma

jbrocks
Communicator

Hi, which Splunk Adddon did you use to collect APC UPS?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...