The logging isn't making it to my cluster. I'm trying to capture port traffic on one of my UFs (universal forwarders) and send it to my cluster. I have a few [monitor:/xxxx] set up in the same inputs.conf and they are working. Is there something different I need to do to get this port data_input to work?
Port: 10674
Traffic is coming to my server: tcpdump -n tcp dst port 10674 (works)
I've configured my universal forwarder local/inputs.conf:
[tcp://:10674]
_TCP_ROUTING = PST_01
connection_host = none
index = Pacific_Coast_01
sourcetype = Pacific_Coast
I have indexDiscovery set up on my master.
Traffic isn't making it into my peer cluster.
Any advice would be great. Thank You.