Graylog to SPLUNK


(Paul Fabrizi) #1

We are new to SPLUNK and originally we were going to us the UF from SPLUNK but we have now decided to forward from Graylog to SPLUNK using the graylog add-on.

I have this setup (inputs.conf) using TCP listener on port 9997.

When I look in the splunk log I see errors indicating the payload is too large. I have tried everything. Has anyone had an experience with this? these are windows security events.

Thanks!


(system) #2

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.