Solved: UDP input and _TCP_ROUTING - is it possible?

andyk · ‎02-14-2011

Is it possible to use _TCP_ROUTING with a UDP input? I can not get it to work. My other "monitor" inputs works fine with _TCP_ROUTING. This is a full forwarder not a lwf.

inputs.conf:

[udp://514]
index = testapp
sourcetype = syslog
_TCP_ROUTING = pnlogGroup

outputs.conf:

[tcpout]
defaultGroup = SlogGroup
disabled = false
indexAndForward = 0

[tcpout:pnlogGroup]
disabled = false
server = 10.0.0.41:9997

[tcpout:SlogGroup]
disabled = false
server = 10.0.0.50:9995

Masa · ‎03-15-2013

I think you already got answer a looooooong time ago. Answer is yes. A full Forwarder process data and parse events from udp inputs, and send the processed/parsed to Splunk as you configured in outputs.conf.

View solution in original post

kml_uvce · ‎03-16-2013

yes, here you are reciving data via udp but sending data via tcp and both are separated...
-Kamal Bisht

Masa · ‎03-18-2013

What do you mean by "sending data via tcp and both are separated.."?

Masa · ‎03-15-2013

I think you already got answer a looooooong time ago. Answer is yes. A full Forwarder process data and parse events from udp inputs, and send the processed/parsed to Splunk as you configured in outputs.conf.

UDP input and _TCP_ROUTING - is it possible?

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?