Yes, this was the issue I had as well running Splunk on 8.2.1 Splunk was unable to ingest syslog data while the application was running as the user Splunk. Running as root has resolved the issue. A more appropriate technical resolution would be identifying if we could set the user Splunk to be able to listen on ports lower than 1024
... View more