Hi, I'm ingesting syslog logs with the UDP input, but I have seen others pipelines for syslog logs that use both UDP and TCP, so I was wandering why they do that?, they get different syslog logs from each port? Im getting half of the logs?
In my experience, I listen on both because I don't know which a client will use, but a client seems to use one or the other.
Are you missing some events from clients or are you missing ALL events from some clients? UDP in unreliable, but unless something is very very bad, it's usually better than 50% 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.