Hi everyone,
Thanks for taking the time to read this and for sharing your knowledge, since I've been struggling a bit with this. I am having an issue with making a connection from the Endpoint Cloud (Cylance) to the Splunk Heavy Forwarder pushing syslogs, to then be forwarded to the Cloud. When testing, UDP ports work and the connection is successful; however, the logs are still not coming in to Splunk Enterprise and not appearing in Splunk Cloud either. I have configured the Data input, the inputs.conf and the index correctly. Ports 514 and 6514 TCP are opened on the security side (firewalls). My question is, for either port 514 or 6514, is TLS/SSL required by default to make a connection to these ports? Or should it connect successfully if I choose for it not to be encrypted (testing)? Even when trying with a different random TCP port and the connection is successful, the dashboards in Cylance do not populate. Am I missing a piece of the puzzle? I've made sure to follow all steps provided.
Any help is appreciated.
Thanks