I have 3 different log sources sending logs to Splunk from a number of hosts on UDP 514.
Breakdown: WLC (5-6 hosts), ESX (8) and EqualLogic (6). However, so far I am only getting data from WLC hosts.
I am thinking of assigning different UDP ports for ESX and EqualLogic hosts to ease categorization on Splunk?
What would be the ideal ports for the above log sources? Please advise.