Looking for a working example of the splunk-hec() declaration for syslog-NG PE 7.0.29

I am following the example on page 563 of the 7.0.29 Admin guide, and its not working. I am able to test with curl commands to send from my Relays to splunk with great success, so its not a port issue, or network issue. I would appreciate your time!

Parents Reply Children
  • Greetings pongchang, this looks like its right out of the admin guide and it didnt work for me; however, I did get it to work. Support could NOT help me out, so I did the following. I actually have SSBs running, 6.10.00 FRS, I enabled a splunk destination, and then looked at the syslog-ng.conf file via ssh to see what the SSB wrote when I enabled it from the GUI, I used that and tweaked it a bit for my environment, and it works now. This was the only way I could get it to work. Thanks for the suggestion.