Hi everyone!
I'm posting here because I have a problem with Splunk:
I've got an application (The Grinder) which generate a lot of datas in some csv-files. This application is able, thanks to a file named "logback-worker.xml", to forward via the syslog protocol those datas.
So, I tried this:
I configured the "logback-worker.xml" file in order to forward the datas to an instance of the universal forwarder of splunk, to the port 7777. Then, on Splunk, I created a receiver to listen on port 9997. The idea is to receive datas on port 7777 and to forward it to the port 9997.
So, my question is: is there any special configuration I have to do with the inputs and outputs files?
I precise that I want to use TCP, not UDP.
Thanks in advance.
Stock universal forwarders cannot listen to remote inputs like TCP / UDP / SplunkTCP (the splunk to splunk protocol).
they can only send to the indexer on splunktcp.
FYI a tcp input is in inputs.conf and looks like
[tcp://7777]
sourcetype=syslog
Thanks, I finally found a way to do what I wanted to do 🙂
Stock universal forwarders cannot listen to remote inputs like TCP / UDP / SplunkTCP (the splunk to splunk protocol).
they can only send to the indexer on splunktcp.
FYI a tcp input is in inputs.conf and looks like
[tcp://7777]
sourcetype=syslog