Why is forwardedindex in outputs.conf not working on my Windows universal...
I have a universal forwarder running on a Windows Server 2008 R2 server. `.../etc/system/local/inputs.conf` is monitoring Windows Security, System, and Application events, with index=os-win for each...
View ArticleHow many log sources can be received and forwarded from a universal forwarder?
Hi users, Probably a bit silly question, but because I've never seen that setup in any of Google searches, I have that simple question: I want to use a forwarder to forward logs from about 50 Windows...
View ArticleWhy is CPU on the universal forwarder not used most of the time and we see...
Hi, I was monitoring Universal Forwarder's CPU usage with the environment below, and I put 13GB sized file on Universal Forwarder server to send to the indexer and monitored it with limits.conf set...
View ArticleWhy are some universal forwarders only downloading deployed apps from the...
I have many Windows PCs (100-150) in Azure with Universal Forwarders Win x64 Splunk 6.2.4. I have a problem where some of them (30-50%) did not download a deployed app from the deployment server until...
View ArticleIs it possible to have a script run on a Heavy Forwarder to process and...
Looking to set up a Heavy Forwarder as a data processing server. We get data logs in a specific format dropped on our production machines, but it needs to be opened and converted to CSV by a special...
View ArticleIs it possible to transport data from a Windows event log view?
Hi, In our environment, many applications are logging into the Windows Application Event log. We would like to transport it separately. Is it possible to transport data from a Windows Event log View?...
View ArticleCan I enable SSL for a universal forwarder (public IP), but not for a local...
Hi, Can I enable the SSL for the universal forwarder that will access it through the public ip, but not the forwarder that accesses Splunk from its private ip? Is it possible? Thanks,
View ArticleHow to drop _internal logs received from universal forwarders on a heavy...
Hi Team, We need to drop _internal logs forwarded by universal forwarders as _internal logs are consuming most of the disk space. As the number of universal forwarders is high, it's not possible to...
View ArticleHow to configure universal forwarders (deployment clients) on Windows...
Complete Splunk beginner here. I am learning to use Splunk. We have a bunch of Windows machines that we want to pull the logs from. This is what I understand from the docs, but please correct me if I...
View ArticleHow to install and configure a universal forwarder on vCenter Server...
Hi, I'm trying to find a clear installation step to deploy Universal Forwarder on vCenter Server Appliance 6.0 (Linux Appliance) and send vCenter logs to Splunk. Thank you
View ArticleWhy am I getting incorrect results from btool during diagnostics for a Splunk...
When running the btool on the inputs.conf files on a Windows universal forwarder (v6.3.1), the results appear to be incorrect and this is making it difficult to find the root of my original issue. The...
View ArticleIf an identical input is specified in inputs.conf for multiple apps on a...
If an input is specified identically in the inputs.conf file of multiple apps running on a Universal forwarder, will the same data be gathered multiple times (and thus generate extra license usage) or...
View ArticleWhy does Splunk think my file is binary
Hi, I'm trying to process a ".log" file on a Windows server, and Splunk keeps ignoring it, stating that it's a binary file. 02-26-2016 09:26:54.574 -0500 WARN FileClassifierManager - The file...
View ArticleDoes an intermediate forwarder need to be a heavy forwarder, or can a...
I am interested in forwarding syslog and Windows events from a DMZ to Indexers which reside inside our network. We are planning to install universal forwarders both on the syslog and Windows servers,...
View ArticleWhy is Indexer Discovery on a Splunk 6.3.3 universal forwarder failing with...
We followed the documentation as specified, but when we configure the universal forwarders as specified we get the error below 02-26-2016 08:47:11.754 -0600 ERROR HttpClientRequest - Caught exception...
View ArticleHow do I measure the time taken to forward data from a universal forwarder to...
Hi, I am using a universal forwarder to forward data to an indexer. How do I measure the time taken to forward the data to indexer? Thanks
View ArticleWhat is a good way to compare all the VMs in a VMware vSphere with all of the...
First off, let me say that we do not have plans to purchase the VMware app. I would like to be able to identify any VMs which do not have the Universal Forwarder installed and I considered having the...
View ArticleWhy are monitored JSON files on a universal forwarder getting indexed with an...
I am doing a web scraping project using Splunk and Scrapy. I have a server that's responsible for web scraping and has the universal forwarder installed. The forwarder will forward the scraped data,...
View ArticleHow to enable deployment server functionality on a universal forwarder?
Hi, Could anyone please tell me that what is needed on the universal forwarder side to enable deployment server functionality, and how can we configure new input with deployment server? Thanks in Advance
View ArticleHow to troubleshoot why inputs.conf from a deployed app is not properly...
Hi, At the moment I am testing Splunk at work. So far, I only have a single Splunk Enterprise instance (acting as deployment server) and a Win7 workstation. I created a simple app with the purpose of...
View Article