Splunk® Light

Getting Started Manual

Monitor network ports using Splunk Light

You can monitor TCP or UDP ports to add data from the syslog service on one or more machines.

Select the network source

1. In the Add Data view, click Monitor.

2. Select TCP/UDP to view the configuration options for network ports.

3. Select either TCP or UDP.

4. Type in the Port number.

For example, the standard port for TCP is 9997 and for UDP is 514.

5. (Optional) Next to Source name override, type in a custom source name using the format host:port.

6. (Optional) Next to Only accept connection from, type in the name, IP address, or fully qualified domain name for each host. You can use wildcards to specify more than one host. This setting restricts the data input to specific machines or devices.

7. Click Next to continue.

Specify input settings

Use the Input Settings to modify the source type, host, and index assignments for the incoming network data.

1. Select the Source type from the list of predefined source types or type it in manually.

2. (Optional) Assign the Host field value.

  • Select IP for IP addresses.
  • Select DNS for domain name system.
  • Select Custom to type in a host name.

3. (Optional) Select a different Index to store the data.

You can click Create a new index and then refresh the list of indexes. By default, all data is saved to the default main index.

4. Click Review to continue.

Review and Save

1. Review the summary of your data input.

2. (Optional) Go back to make changes.

3. Click Submit to complete the add data process.
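To confirm that the new input receives data, you can send it a single test event. The following script is an added example, not part of the Splunk documentation: it builds an RFC 3164 style syslog line and sends it over UDP or TCP. The host `127.0.0.1`, the hostname `testhost`, the tag `inputcheck`, and the function names are assumptions made for illustration.

```python
import socket
from datetime import datetime

# Syslog facility and severity codes (subset of RFC 3164)
FACILITY_LOCAL0 = 16
SEVERITY_INFO = 6


def build_syslog_message(text, hostname="testhost", tag="inputcheck",
                         facility=FACILITY_LOCAL0, severity=SEVERITY_INFO,
                         now=None):
    """Return one RFC 3164 style syslog line as bytes."""
    now = now or datetime.now()
    pri = facility * 8 + severity  # PRI value placed between < and >
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with a space-padded day
    stamp = f"{now.strftime('%b')} {now.day:2d} {now.strftime('%H:%M:%S')}"
    return f"<{pri}>{stamp} {hostname} {tag}: {text}".encode("utf-8")


def send_test_event(host, port, protocol, text):
    """Send one test event to a network input and return the bytes sent."""
    payload = build_syslog_message(text)
    proto = protocol.lower()
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(payload, (host, port))
    elif proto == "tcp":
        # TCP is a byte stream, so end the event with a newline
        payload += b"\n"
        with socket.create_connection((host, port), timeout=5) as s:
            s.sendall(payload)
    else:
        raise ValueError("protocol must be 'tcp' or 'udp'")
    return payload


if __name__ == "__main__":
    # Constructed values: use your own host and the port typed in step 4
    sent = send_test_event("127.0.0.1", 514, "udp", "network input test event")
    print(sent.decode())
```

Run it once from a host listed under Only accept connection from and once from a host that is not listed, then search the selected index for the test text to check that the restriction behaves as intended.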

This documentation applies to the following versions of Splunk® Light: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.1612 (cloud service only), 6.6.0, 6.6.1, 6.6.2, 6.6.3, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.3.0, 7.3.1, 7.3.2, 7.3.3

