Hello,
I am trying to collect data from a Hirschmann MACH102 switch in Splunk, using UDP port 514.
My computer (host) is 192.160.0.20, Switch IP is 192.160.0.10. I can ping my switch via PC.
Things I have done on Splunk:
- New data entry: UDP, port 514, collect via IP
- New sourcetype: each-line event, in Network/Security category
- New index (just a new name, I didn't set any parameters)
- On my switch web interface, I have set a new syslog field with host IP as 192.160.0.20, port 514, active
And then, when I do a new Splunk search with the pre-done query, I don't have any events collected. I tried to connect/disconnect a PC on the switch (to create events) but nothing appears in Splunk.
I have tried to collect data from a local file; it worked, but not with a switch/syslog system.
I am new to Splunk, can anyone please help me?
Thank you in advance