Is it possible to have splunktcp listeners bound to different IP addresses? I see the SPLUNK_BINDIP option, but that's not what I'm looking for.
While transitioning from our 3.3 servers, and another server using syslogd I'd like to have 2 separate inputs on udp:514. I would use this second listner to segregate all data off into a temporary index that I would later delete. I've had issues with dates being classified incorrectly and I don't want to replicate that issue to our new servers. As data is verified and new splunk forwarders are installed I would move data off this secondary interface.
I don't believe there's a way to bind a specific UDP or TCP input stanza to a particular IP address.
If you're on Linux, you can work around it with iptables. Move each listener to a different, dedicated port number. Then, define iptables rules to redirect traffic to the correct ports as needed.
If you decide to go the iptables route, this may help:
http://straylink.wordpress.com/2006/08/16/using-iptables-to-redirect-packets/
I don't believe there's a way to bind a specific UDP or TCP input stanza to a particular IP address.
If you're on Linux, you can work around it with iptables. Move each listener to a different, dedicated port number. Then, define iptables rules to redirect traffic to the correct ports as needed.
If you decide to go the iptables route, this may help:
http://straylink.wordpress.com/2006/08/16/using-iptables-to-redirect-packets/