I am a new user to Splunk, and while I thought I had the basics down, I am getting stumped by this...
Logged into our APC UPS (Symmetra RM 6000) and told it to forward events to our Splunk server.
Went into Splunk and:
settings->data Inputs->local input->tcp
and created a new input using 'syslog' as the sourcetype.
I am not seeing any data at all and the rule has been up for 3 days now. Is this the correct way to pull data from an APC UPS, or have I overlooked something obvious?
I have the same issue. We have created a dedicated index for UPS logs. Every syslog message coming from a client whose hostname starts with ups should be stored in this index. It's not working for any of my UPS systems. When I use a Cisco router and change its hostname to ups, it works. So my strong guess is that it is related to the UPS, but I don't know why.
Hi, which Splunk add-on did you use to collect APC UPS?