According to our Infra specialist, there are (incoming) packets from A10 through Eth1 (interface)
UDP port has been configured under 'Data inputs' and this port (also) shows in the server
Index shows no events
What am I missing here?
Hi,
Verify that the data input points to that index and is enabled.
Verify that the port can be opened by the splunk user; this means that if Splunk is running as a non-root user, all ports under 1024 are forbidden.
Verify with telnet from the server that you can open a connection locally to that port.
Hope I helped you
Splunk server:
The Data Inputs has been configured for UDP port 1514
Source Type = a10 (chosen from List)
More settings : Set host = IP / Index = a10networks / Restrict to Host = 'empty'
Props.conf (under default) has been updated for port 1514
Linux server:
udp 0 0 xxx.xxx.xxx.xxx:1514 0.0.0.0:*
As it's a UDP port, telnet probably doesn't work ...
Hi,
You can verify that the port is in the LISTEN state
netstat
Hope I helped you
I am using netstat -- It's a UDP port -- a UDP port doesn't show as LISTENING like a TCP port
Review this to probe.
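
Added example, not written by any poster in this thread: a Python sketch of the two checks discussed above for a UDP input, reading the netstat row for port 1514 and sending a test datagram in place of telnet. The function names, the sample netstat text and the address 192.0.2.10 are constructed for illustration, and the parser assumes the Linux net-tools column layout.

```python
import socket

# Constructed sample of `netstat -anu`-style output (192.0.2.10 is a placeholder).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 192.0.2.10:1514         0.0.0.0:*
udp     4352      0 0.0.0.0:514             0.0.0.0:*
tcp        0      0 0.0.0.0:8089            0.0.0.0:*               LISTEN
"""

def udp_bindings(netstat_text, port):
    """Return (local_ip, recv_q) for each UDP socket bound to `port`.
    UDP has no LISTEN state: a bound socket is simply a row with no State.
    A growing Recv-Q means datagrams arrive but the process is not reading them."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith("udp"):
            continue
        ip, _, p = f[3].rpartition(":")
        if p == str(port):
            found.append((ip, int(f[1])))
    return found

def reachable_via(local_ip, dest_ip):
    """A socket bound to one address only receives datagrams sent to that
    address, so a test aimed at 127.0.0.1 misses a socket bound to the NIC IP."""
    return local_ip in ("0.0.0.0", "::", "*") or local_ip == dest_ip

def send_test_event(host, port, text="a10 input test"):
    """Send one syslog-style datagram (PRI 134 = local0.info); returns bytes sent.
    UDP gives no acknowledgement, so confirm receipt by searching the index."""
    msg = f"<134>{text}".encode()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(msg, (host, port))

if __name__ == "__main__":
    for ip, recv_q in udp_bindings(SAMPLE_NETSTAT, 1514):
        print(f"bound on {ip}, Recv-Q={recv_q}, "
              f"loopback test reaches it: {reachable_via(ip, '127.0.0.1')}")
```

On the real server, pass the output of netstat to `udp_bindings` and send the test event to the address it reports, then search the target index for the test string.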