Filtering Windows Security Events based on blacklist
Hello I am using Splunk UF 6.1.4 on my Windows Domain controllers to monitor windows events. I've put in place a working blacklist to filter out a number of events and that works fine. The issue I have...
Problem with Line breaking between Splunk 6.2.3 vs 6.3.0
We have a development environment (replica of prod) running Splunk 6.2.3 (upgraded from 6.1.5). I am testing monitoring of a file which has snmp traps received using net-snmp snmptrapd on *nix...
Is there a plan to release a Universal Forwarder for the Raspberry Pi 2?
Is there a plan to release a Universal Forwarder for the Raspberry Pi 2? With a different processor, it's my understanding that it will need to be recompiled...
How to troubleshoot why an indexer is only receiving data from 50% of...
I spent hours trying to figure this out Friday, and it's been bugging me all weekend. So, I'm hoping the community can help me figure this out! The info below is all from memory, hopefully I don't miss...
Why are fields not being extracted using props.conf on my universal forwarder?
Hi, I have been using a props.conf file to extract fields in my event logs, but it does not seem to be working. Below are the sample props.conf and event. Any help is much appreciated. C:\Program...
Windows Custom Application logs onboarding - Scan all drives and list the...
We have a requirement to detect various application logs from multiple Windows boxes. The current data collection process is too manual by going to specific teams and finding the location of...
Why does my Deployment Client not phone home with error "unable to resolve my...
I have installed a universal forwarder on a Linux machine, and I configured it as a deployment client to phone a Splunk server at 192.168.1.28:8089. Unfortunately, it never does so. My...
Why is my sourcetype not parsing as CSV and am getting two events: one with a...
I'm trying to parse a CSV file, but I'm getting two events: one with a header and one with a raw event. It is driving me nuts. I've tried deleting and reloading the data multiple times. The file has 2...
How does universal forwarder load balancing work?
Given this in outputs.conf: [tcpout: my_LB_indexers] server=10.10.10.1:9997,10.10.10.2:9996,10.10.10.3:9995 It states in the documentation that "The universal forwarder will load balance between the...
UF not sending logs from all folders monitored
Hello Splunkers. I have an issue that I've been dealing with for the past 2 days but no success in solving it. I'm working on a Splunk cluster environment, 3 SH and 2 IDX. I have a UF installed in a...
How to automate a silent installation of a Splunk universal forwarder on...
Hello fellow Splunkers, Have any of you been able to install Splunk Universal Forwarder on Solaris using the PKG file? I'm trying to script it so that it is installed silently without any interactions....
How to install Splunk App for Stream in a test machine without installing Splunk
Hello, If I want to install Splunk App for Stream on a universal forwarder of a local test machine for sending the data to a Splunk Enterprise instance without installing Splunk, how do I do this?...
Why is my deployment client showing as disabled and says splunkd needs to be...
I'm troubleshooting a deployment client and I've gotten stuck; Deploy server $ /splunk/bin/splunk --version Splunk 6.1.4 (build 233537) Note: This server deploys apps successfully to 125+ clients....
Is there any history of the apps downloaded to my universal forwarders from...
Is there any history of the apps downloaded to my universal forwarders from my deployment server?
Can someone help me to install and configure a universal forwarder on a...
I need to collect the security logs from the Windows 7 machine and add the data to Splunk Cloud. I am new to Splunk and am not familiar with the product. Thanks,
After installing a universal forwarder on Windows 7, why am I only receiving...
I have installed the Universal Forwarder on a Windows 7 Enterprise Workstation. I installed selecting all the Eventlog sources. It is forwarding events to an indexer running on Linux, but the Indexer...