For all of the given sources, there is data sent, either continuously or on demand. This is validated in metrics.log for port 9997:

```
55823:03-01-2023 00:02:02.367 +0000 INFO Metrics - group=tcpin_connections, 192.168.x.y:54836:9997, connectionType=cooked, sourcePort=54836, sourceHost=192.168.x.y, sourceIp=192.168.x.y, destPort=9997, kb=0.334, _tcp_Bps=11.032, _tcp_KBps=0.011, _tcp_avg_thruput=0.011, _tcp_Kprocessed=1877.581, _tcp_eps=0.032, _process_time_ms=0, evt_misc_kBps=0.000, evt_raw_kBps=0.000, evt_fields_kBps=0.000, evt_fn_kBps=0.000, evt_fv_kBps=0.000, evt_fn_str_kBps=0.000, evt_fn_meta_dyn_kBps=0.000, evt_fn_meta_predef_kBps=0.000, evt_fn_meta_str_kBps=0.000, evt_fv_num_kBps=0.000, evt_fv_str_kBps=0.000, evt_fv_predef_kBps=0.000, evt_fv_offlen_kBps=0.000, evt_fv_fp_kBps=0.000, build=3.5.3-08986e05, version=3.5.3-08986e05, os=linux, arch=x64, hostname=mlcribl002, guid=f2095906-d733-4453-8b2a-327df0005014, fwdType=full, ssl=false, lastIndexer=None, ack=true
```

For port 9514:

```
logger --server localhost --port 9514 "test splunk logger"`date`
```

For systemd-journald, in splunkd.log, before group permission was fixed, got:

```
19275:02-27-2023 01:07:10.419 +0000 ERROR ExecProcessor [185621 ExecProcessor] - message from "/opt/splunk/bin/splunkd journald-modinput '$@'" No journal files were opened due to insufficient permissions.
```

For dpkg.log, in splunkd.log, after setup:

```
02-27-2023 01:08:16.737 +0000 INFO TailingProcessor [218543 MainTailingThread] - Adding watch on path: /var/log/dpkg.log.
```

Indexes exist as shared in indexes.conf and confirmed in the Web UI.